{
  "GSD": {
    "alias": "CVE-2018-1000134",
    "description": "UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn\u0027t check for empty password when running in synchronous mode. commit with applied fix https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd that can result in Ability to impersonate any valid user. This attack appear to be exploitable via Providing valid username and empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed in after commit 8471904a02438c03965d21367890276bc25fa5a6.",
    "id": "GSD-2018-1000134",
    "references": [
      "https://access.redhat.com/errata/RHSA-2018:1713"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-1000134"
      ],
      "details": "UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn\u0027t check for empty password when running in synchronous mode. commit with applied fix https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd that can result in Ability to impersonate any valid user. This attack appear to be exploitable via Providing valid username and empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed in after commit 8471904a02438c03965d21367890276bc25fa5a6.",
      "id": "GSD-2018-1000134",
      "modified": "2023-12-13T01:22:27.838989Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "DATE_ASSIGNED": "3/10/2018 17:15:01",
        "ID": "CVE-2018-1000134",
        "REQUESTER": "stanis.shkel@gmail.com",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn\u0027t check for empty password when running in synchronous mode. commit with applied fix https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd that can result in Ability to impersonate any valid user. This attack appear to be exploitable via Providing valid username and empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed in after commit 8471904a02438c03965d21367890276bc25fa5a6."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2018:1713",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:1713"
          },
          {
            "name": "103458",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/103458"
          },
          {
            "name": "https://github.com/pingidentity/ldapsdk/issues/40",
            "refsource": "CONFIRM",
            "url": "https://github.com/pingidentity/ldapsdk/issues/40"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[1.1.0,4.0.5)",
          "affected_versions": "All versions starting from 1.1.0 before 4.0.5",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-521",
            "CWE-937"
          ],
          "date": "2022-06-30",
          "description": "UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class does not check for empty password when running in synchronous mode. commit with applied fix https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd that can result in Ability to impersonate any valid user. This attack appear to be exploitable via Providing valid username and empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed in after commit 8471904a02438c03965d21367890276bc25fa5a6.",
          "fixed_versions": [
            "4.0.5"
          ],
          "identifier": "CVE-2018-1000134",
          "identifiers": [
            "GHSA-qwq9-8rpf-8mp7",
            "CVE-2018-1000134"
          ],
          "not_impacted": "All versions before 1.1.0, all versions starting from 4.0.5",
          "package_slug": "maven/com.unboundid/unboundid-ldapsdk",
          "pubdate": "2022-05-13",
          "solution": "Upgrade to version 4.0.5 or above.",
          "title": "Weak Password Requirements",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-1000134",
            "https://github.com/pingidentity/ldapsdk/issues/40",
            "https://access.redhat.com/errata/RHSA-2018:1713",
            "http://www.securityfocus.com/bid/103458",
            "https://github.com/pingidentity/ldapsdk/commit/801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb",
            "https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd",
            "https://github.com/advisories/GHSA-qwq9-8rpf-8mp7"
          ],
          "uuid": "1674aca9-8873-4b39-b16f-6141a332dee2"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:pingidentity:ldapsdk:*:*:*:*:*:java:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.0.5",
                "versionStartIncluding": "1.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-1000134"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn\u0027t check for empty password when running in synchronous mode. commit with applied fix https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd that can result in Ability to impersonate any valid user. This attack appear to be exploitable via Providing valid username and empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed in after commit 8471904a02438c03965d21367890276bc25fa5a6."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-521"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/pingidentity/ldapsdk/issues/40",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/pingidentity/ldapsdk/issues/40"
            },
            {
              "name": "103458",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/103458"
            },
            {
              "name": "RHSA-2018:1713",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2018:1713"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2018-03-16T14:29Z"
    }
  }
}

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.unboundid:unboundid-ldapsdk"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.1.0"
            },
            {
              "fixed": "4.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-1000134"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-521"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-30T18:01:12Z",
    "nvd_published_at": "2018-03-16T14:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn\u0027t check for empty password when running in synchronous mode. The issue can result in ability to impersonate any valid user. This attack appear to be exploitable via Providing valid username and empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed in commit 8471904a02438c03965d21367890276bc25fa5a6.",
  "id": "GHSA-qwq9-8rpf-8mp7",
  "modified": "2022-06-30T18:01:12Z",
  "published": "2022-05-13T01:48:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000134"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pingidentity/ldapsdk/issues/40"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pingidentity/ldapsdk/commit/801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1713"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pingidentity/ldapsdk"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103458"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Weak Password Requirements in UnboundID LDAP SDK"
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fixes:\n\n* lucene: Solr: Code execution via entity expansion (CVE-2017-12629)\n\n* handlebars: nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922)\n\n* handlebars: nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920)\n\n* handlebars: nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)\n\n* handlebars: nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)\n\n* rhpam-7-businesscentral-rhel8-container: maven: Block repositories using http by default (CVE-2021-26291)\n\n* unboundid-ldapsdk: Incorrect Access Control vulnerability in process function in SimpleBindRequest class (CVE-2018-1000134)\n\n* handlebars: nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads (CVE-2019-19919)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:1334",
        "url": "https://access.redhat.com/errata/RHSA-2023:1334"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "1501529",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501529"
      },
      {
        "category": "external",
        "summary": "1557531",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557531"
      },
      {
        "category": "external",
        "summary": "1789959",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789959"
      },
      {
        "category": "external",
        "summary": "1882256",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882256"
      },
      {
        "category": "external",
        "summary": "1882260",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882260"
      },
      {
        "category": "external",
        "summary": "1948761",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948761"
      },
      {
        "category": "external",
        "summary": "1955739",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955739"
      },
      {
        "category": "external",
        "summary": "1956688",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956688"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1334.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.2 security update",
    "tracking": {
      "current_release_date": "2024-11-15T12:04:11+00:00",
      "generator": {
        "date": "2024-11-15T12:04:11+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2023:1334",
      "initial_release_date": "2023-03-20T09:15:52+00:00",
      "revision_history": [
        {
          "date": "2023-03-20T09:15:52+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-03-20T09:15:52+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-15T12:04:11+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHPAM 7.13.1 async",
                "product": {
                  "name": "RHPAM 7.13.1 async",
                  "product_id": "RHPAM 7.13.1 async",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Process Automation Manager"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-12629",
      "cwe": {
        "id": "CWE-138",
        "name": "Improper Neutralization of Special Elements"
      },
      "discovery_date": "2017-10-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1501529"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr\u0027s Config API.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Solr: Code execution via entity expansion",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The following products are not affected by this flaw, as they do not use the vulnerable functionality of either aspect of the issue.\nRed Hat JBoss Enterprise Application Platform 6\nRed Hat JBoss BPM Suite\nRed Hat JBoss BRMS\nRed Hat Enterprise Virtualization Manager\nRed Hat Single Sign-On 7\nRed Hat JBoss Portal Platform 6\n\nRed Hat JBoss Enterprise Application Platform 7 is not affected by this flaw. However, it does ship the vulnerable Lucene class in a dependency to another component. Customers who reuse the lucene-queryparser jar in their applications may be vulnerable to the External Entity Expansion aspect of this flaw. This will be patched in a forthcoming release.\n\nRed Hat JBoss Fuse is not affected by this flaw, as it does not use the vulnerable functionality of either aspect of this flaw. Fuse customers who may be running external Solr servers, while not affected from the Fuse side, are advised to secure their Solr servers as recommended in the mitigation provided.\n\nThe following products ship only the Lucene components relevant to this flaw, and are not vulnerable to the second portion of the vulnerability, the code execution exploit. As such, the impact of this flaw has been determined to be Moderate for these respective products:\nRed Hat JBoss Data Grid 7 \nRed Hat Enterprise Linux 6\nRed Hat Software Collections 2.4\n\nThis issue did not affect the versions of lucene as shipped with Red Hat Enterprise Linux 5.\n\nThis issue does not affect Elasticsearch as shipped in OpenShift Container Platform.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.1 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-12629"
        },
        {
          "category": "external",
          "summary": "RHBZ#1501529",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501529"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-12629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12629"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/vulnerabilities/CVE-2017-12629",
          "url": "https://access.redhat.com/security/vulnerabilities/CVE-2017-12629"
        }
      ],
      "release_date": "2017-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-20T09:15:52+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
          "product_ids": [
            "RHPAM 7.13.1 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1334"
        },
        {
          "category": "workaround",
          "details": "Until fixes are available, all Solr users are advised to restart their Solr instances with the system parameter `-Ddisable.configEdit=true`. This will disallow any changes to be made to configurations via the Config API. This is a key factor in this vulnerability, since it allows GET requests to add the RunExecutableListener to the config.\n\nThis is sufficient to protect from this type of attack, but means you cannot use the edit capabilities of the Config API until further fixes are in place.",
          "product_ids": [
            "RHPAM 7.13.1 async"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "RHPAM 7.13.1 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Solr: Code execution via entity expansion"
    },
    {
      "cve": "CVE-2018-1000134",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2018-03-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1557531"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn\u0027t check for empty password when running in synchronous mode. commit with applied fix https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd that can result in Ability to impersonate any valid user. This attack appear to be exploitable via Providing valid username and empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed in after commit 8471904a02438c03965d21367890276bc25fa5a6.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "unboundid-ldapsdk: Incorrect Access Control vulnerability in process function in SimpleBindRequest class",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Virtualization does not use the UnboundID SDK in synchronous mode, and hence does not expose this vulnerability in its default configuration.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.1 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1000134"
        },
        {
          "category": "external",
          "summary": "RHBZ#1557531",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557531"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000134",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000134"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000134",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000134"
        },
        {
          "category": "external",
          "summary": "https://nawilson.com/2018/03/19/cve-2018-1000134-and-the-unboundid-ldap-sdk-for-java/",
          "url": "https://nawilson.com/2018/03/19/cve-2018-1000134-and-the-unboundid-ldap-sdk-for-java/"
        }
      ],
      "release_date": "2018-03-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-20T09:15:52+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
          "product_ids": [
            "RHPAM 7.13.1 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1334"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "RHPAM 7.13.1 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "unboundid-ldapsdk: Incorrect Access Control vulnerability in process function in SimpleBindRequest class"
    },
    {
      "cve": "CVE-2019-19919",
      "cwe": {
        "id": "CWE-471",
        "name": "Modification of Assumed-Immutable Data (MAID)"
      },
      "discovery_date": "2020-01-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1789959"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-handlebars, where it is vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object\u0027s __proto__ and __defineGetter__ properties, which allows an attacker to execute arbitrary code through crafted payloads. The highest threat from this vulnerability is to confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates so it has been given a low impact rating.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.1 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-19919"
        },
        {
          "category": "external",
          "summary": "RHBZ#1789959",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789959"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19919",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19919",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19919"
        }
      ],
      "release_date": "2019-09-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-20T09:15:52+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
          "product_ids": [
            "RHPAM 7.13.1 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1334"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.1 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads"
    },
    {
      "cve": "CVE-2019-20920",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2020-09-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1882260"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to arbitrary code execution. The package lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript into the system. This issue is used to run arbitrary code in a server processing Handlebars templates or on a victim\u0027s browser (effectively serving as Cross-Site Scripting). The highest threat from this vulnerability is to confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Virtualization includes Handlebars.js in two components. In ovirt-engine-ui-extentions, the version used is newer and is not affected by this flaw. In ovirt-web-ui, Handlebars.js is included as a development dependency and is not used at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat OpenShift Container Platform (OCP) 4 delivers the kibana package, which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. The openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code. The vulnerable version of Handlebars.js is also included in openshift4/ose-grafana, but as the Grafana instance is in read-only mode, the configuration/dashboards cannot be modified.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.1 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-20920"
        },
        {
          "category": "external",
          "summary": "RHBZ#1882260",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882260"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-20920"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20920",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20920"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/advisories/1316",
          "url": "https://www.npmjs.com/advisories/1316"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/advisories/1324",
          "url": "https://www.npmjs.com/advisories/1324"
        }
      ],
      "release_date": "2019-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-20T09:15:52+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
          "product_ids": [
            "RHPAM 7.13.1 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1334"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.1 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution"
    },
    {
      "cve": "CVE-2019-20922",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-09-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1882256"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to a denial of service. The package\u0027s parser may be forced into an endless loop while processing specially-crafted templates. This flaw allows attackers to exhaust system resources, leading to a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Virtualization includes Handlebars.js in two components. In ovirt-engine-ui-extentions, the version used is newer and not affected by this flaw. In the ovirt-web-ui,Handlebars.js is included as a development dependency and is not used at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat OpenShift Container Platform (OCP) 4 delivers the kibana package, which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. The openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code. The vulnerable version of Handlebars.js is also included in openshift4/ose-grafana, but as the Grafana instance is in read-only mode, the configuration/dashboards cannot be modified.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.1 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-20922"
        },
        {
          "category": "external",
          "summary": "RHBZ#1882256",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882256"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-20922"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20922",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20922"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/advisories/1300",
          "url": "https://www.npmjs.com/advisories/1300"
        }
      ],
      "release_date": "2019-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-20T09:15:52+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
          "product_ids": [
            "RHPAM 7.13.1 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1334"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.1 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS"
    },
    {
      "cve": "CVE-2021-23369",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2021-04-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1948761"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-handlebars. A missing check when getting prototype properties in the template function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system (e.g. browser or server) when the template is compiled with the strict:true option. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat OpenShift Container Platform (OCP) 4 delivers the kibana package which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. \nThe openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code.\n\nIn OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) some components include the vulnerable handlebars library, but access is protected by OpenShift OAuth what reducing impact by this flaw to LOW.\n\nRed Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates so have been given a low impact rating.\n\nRed Hat Gluster Storage 3 bundles vulnerable Handlebars.js (with pcs), however it does not use \"strict\" option and templates from external sources, hence this issue has been rated as having a security impact of Low.\n\nIn Red Hat Virtualization ovirt-engine-ui-extensions and ovirt-web-ui Handlebars.js is included as a dependency of conventional-changelog-writer,  it does not impact production code and as such has been given a low impact rating and set to wontfix. Handlebars.js may be updated to a newer version in future updates.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.1 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-23369"
        },
        {
          "category": "external",
          "summary": "RHBZ#1948761",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948761"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23369",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23369"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23369",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23369"
        }
      ],
      "release_date": "2021-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-20T09:15:52+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
          "product_ids": [
            "RHPAM 7.13.1 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1334"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.1 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option"
    },
    {
      "cve": "CVE-2021-23383",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2021-04-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1956688"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-handlebars. A unescaped value in the JavaScriptCompiler.prototype.depthedLookup function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system (e.g. browser or server) when the template is compiled with the compat:true option. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat OpenShift Container Platform (OCP) 4 delivers the kibana component which includes Handlebars.js.  Starting in 4.6, kibana is shipping as \"container first\" content.  As such, the fix for OCP will be seen in the affected products table under openshift4/ose-logging-kibana6.  The separate package \"kibana\" listed under \"OpenShift Container Platform 4\" is only used by 4.5 and earlier and will not be fixed.\n\nIn OpenShift Container Platform (OCP) and OpenShift ServiceMesh (OSSM) some components include the vulnerable handlebars library, but access is protected by OpenShift OAuth what reducing impact by this flaw to LOW.\n\nRed Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates so have been given a low impact rating.\n\nRed Hat Gluster Storage 3 bundles vulnerable Handlebars.js (with pcs), however it does not use \"compat\" option and templates from external sources, hence this issue has been rated as having a security impact of Low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.1 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-23383"
        },
        {
          "category": "external",
          "summary": "RHBZ#1956688",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956688"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23383",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23383"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23383",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23383"
        }
      ],
      "release_date": "2021-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-20T09:15:52+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
          "product_ids": [
            "RHPAM 7.13.1 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1334"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.1 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option"
    },
    {
      "cve": "CVE-2021-26291",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1955739"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in maven. Repositories that are defined in a dependency\u2019s Project Object Model (pom), which may be unknown to users, are used by default resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "maven: Block repositories using http by default",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.1 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-26291"
        },
        {
          "category": "external",
          "summary": "RHBZ#1955739",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955739"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-26291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-26291"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291"
        },
        {
          "category": "external",
          "summary": "https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291",
          "url": "https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291"
        }
      ],
      "release_date": "2021-04-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-20T09:15:52+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
          "product_ids": [
            "RHPAM 7.13.1 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1334"
        },
        {
          "category": "workaround",
          "details": "To avoid possible man-in-the-middle related attacks with this flaw, ensure any linked repositories in maven POMs use https and not http.",
          "product_ids": [
            "RHPAM 7.13.1 async"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.1 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "maven: Block repositories using http by default"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for unboundid-ldapsdk is now available for Red Hat Virtualization Engine 4.1.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The UnboundID LDAP SDK for Java is a free Java library for communicating with LDAP directory servers and performing related tasks like reading and writing LDIF, encoding and decoding data using base64 and ASN.1 BER, and performing secure communications.\n\nThe following packages have been upgraded to a later upstream version: unboundid-ldapsdk (4.0.5). (BZ#1558308)\n\nSecurity Fix(es):\n\n* unboundid-ldapsdk: Incorrect Access Control vulnerability in process function in SimpleBindRequest class (CVE-2018-1000134)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:1713",
        "url": "https://access.redhat.com/errata/RHSA-2018:1713"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1557531",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557531"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1713.json"
      }
    ],
    "title": "Red Hat Security Advisory: unboundid-ldapsdk security update",
    "tracking": {
      "current_release_date": "2024-11-14T23:43:02+00:00",
      "generator": {
        "date": "2024-11-14T23:43:02+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2018:1713",
      "initial_release_date": "2018-05-24T07:35:14+00:00",
      "revision_history": [
        {
          "date": "2018-05-24T07:35:14+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-05-24T07:35:14+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T23:43:02+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Virtualization Manager 4.1",
                "product": {
                  "name": "Red Hat Virtualization Manager 4.1",
                  "product_id": "7Server-RHV-S-4.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhev_manager:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "unboundid-ldapsdk-0:4.0.5-1.el7ev.src",
                "product": {
                  "name": "unboundid-ldapsdk-0:4.0.5-1.el7ev.src",
                  "product_id": "unboundid-ldapsdk-0:4.0.5-1.el7ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unboundid-ldapsdk@4.0.5-1.el7ev?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "unboundid-ldapsdk-0:4.0.5-1.el7ev.noarch",
                "product": {
                  "name": "unboundid-ldapsdk-0:4.0.5-1.el7ev.noarch",
                  "product_id": "unboundid-ldapsdk-0:4.0.5-1.el7ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unboundid-ldapsdk@4.0.5-1.el7ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "unboundid-ldapsdk-javadoc-0:4.0.5-1.el7ev.noarch",
                "product": {
                  "name": "unboundid-ldapsdk-javadoc-0:4.0.5-1.el7ev.noarch",
                  "product_id": "unboundid-ldapsdk-javadoc-0:4.0.5-1.el7ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unboundid-ldapsdk-javadoc@4.0.5-1.el7ev?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unboundid-ldapsdk-0:4.0.5-1.el7ev.noarch as a component of Red Hat Virtualization Manager 4.1",
          "product_id": "7Server-RHV-S-4.1:unboundid-ldapsdk-0:4.0.5-1.el7ev.noarch"
        },
        "product_reference": "unboundid-ldapsdk-0:4.0.5-1.el7ev.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unboundid-ldapsdk-0:4.0.5-1.el7ev.src as a component of Red Hat Virtualization Manager 4.1",
          "product_id": "7Server-RHV-S-4.1:unboundid-ldapsdk-0:4.0.5-1.el7ev.src"
        },
        "product_reference": "unboundid-ldapsdk-0:4.0.5-1.el7ev.src",
        "relates_to_product_reference": "7Server-RHV-S-4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unboundid-ldapsdk-javadoc-0:4.0.5-1.el7ev.noarch as a component of Red Hat Virtualization Manager 4.1",
          "product_id": "7Server-RHV-S-4.1:unboundid-ldapsdk-javadoc-0:4.0.5-1.el7ev.noarch"
        },
        "product_reference": "unboundid-ldapsdk-javadoc-0:4.0.5-1.el7ev.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-1000134",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2018-03-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1557531"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn\u0027t check for empty password when running in synchronous mode. commit with applied fix https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd that can result in Ability to impersonate any valid user. This attack appear to be exploitable via Providing valid username and empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed in after commit 8471904a02438c03965d21367890276bc25fa5a6.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "unboundid-ldapsdk: Incorrect Access Control vulnerability in process function in SimpleBindRequest class",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Virtualization does not use the UnboundID SDK in synchronous mode, and hence does not expose this vulnerability in its default configuration.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHV-S-4.1:unboundid-ldapsdk-0:4.0.5-1.el7ev.noarch",
          "7Server-RHV-S-4.1:unboundid-ldapsdk-0:4.0.5-1.el7ev.src",
          "7Server-RHV-S-4.1:unboundid-ldapsdk-javadoc-0:4.0.5-1.el7ev.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1000134"
        },
        {
          "category": "external",
          "summary": "RHBZ#1557531",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557531"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000134",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000134"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000134",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000134"
        },
        {
          "category": "external",
          "summary": "https://nawilson.com/2018/03/19/cve-2018-1000134-and-the-unboundid-ldap-sdk-for-java/",
          "url": "https://nawilson.com/2018/03/19/cve-2018-1000134-and-the-unboundid-ldap-sdk-for-java/"
        }
      ],
      "release_date": "2018-03-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-05-24T07:35:14+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RHV-S-4.1:unboundid-ldapsdk-0:4.0.5-1.el7ev.noarch",
            "7Server-RHV-S-4.1:unboundid-ldapsdk-0:4.0.5-1.el7ev.src",
            "7Server-RHV-S-4.1:unboundid-ldapsdk-javadoc-0:4.0.5-1.el7ev.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1713"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RHV-S-4.1:unboundid-ldapsdk-0:4.0.5-1.el7ev.noarch",
            "7Server-RHV-S-4.1:unboundid-ldapsdk-0:4.0.5-1.el7ev.src",
            "7Server-RHV-S-4.1:unboundid-ldapsdk-javadoc-0:4.0.5-1.el7ev.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "unboundid-ldapsdk: Incorrect Access Control vulnerability in process function in SimpleBindRequest class"
    }
  ]
}