Action not permitted
Modal body text goes here.
cve-2020-10714
Vulnerability from cvelistv5
Published
2020-09-23 12:28
Modified
2024-08-04 11:14
Severity ?
EPSS score ?
Summary
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1825714 | Issue Tracking, Mitigation, Vendor Advisory | |
secalert@redhat.com | https://security.netapp.com/advisory/ntap-20201223-0002/ | Third Party Advisory |
Impacted products
▼ | Vendor | Product |
---|---|---|
n/a | wildfly-elytron |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:14:14.215Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20201223-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "wildfly-elytron", "vendor": "n/a", "versions": [ { "status": "affected", "version": "wildfly-elytron 1.10.7.Final" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-384", "description": "CWE-384", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-23T07:06:28", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20201223-0002/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-10714", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "wildfly-elytron", "version": { "version_data": [ { "version_value": "wildfly-elytron 1.10.7.Final" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-384" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "name": "https://security.netapp.com/advisory/ntap-20201223-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20201223-0002/" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-10714", "datePublished": "2020-09-23T12:28:17", "dateReserved": "2020-03-20T00:00:00", "dateUpdated": "2024-08-04T11:14:14.215Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-10714\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2020-09-23T13:15:15.233\",\"lastModified\":\"2022-11-08T13:58:38.320\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en versi\u00f3n 1.11.3.Final y anteriores de WildFly Elytron.\u0026#xa0;Cuando se usa la autenticaci\u00f3n FORM de WildFly Elytron con un ID de sesi\u00f3n en la URL, un atacante podr\u00eda llevar a cabo un ataque de fijaci\u00f3n de sesi\u00f3n.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, as\u00ed como la disponibilidad del sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.1},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-384\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-384\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.11.3\",\"matchCriteriaId\":\"DFA71264-A0E0-481E-A499-45BD1BA64E57\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BAF877F-B8D5-4313-AC5C-26BB82006B30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5863BBF-829E-44EF-ACE8-61D5037251F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B40CCE4F-EA2C-453D-BB76-6388767E5C6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20A6B40D-F991-4712-8E30-5FE008505CB7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1825714\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20201223-0002/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
rhsa-2020_4960
Vulnerability from csaf_redhat
Published
2020-11-05 18:47
Modified
2024-11-05 22:58
Summary
Red Hat Security Advisory: Red Hat Decision Manager 7.9.0 security update
Notes
Topic
An update is now available for Red Hat Decision Manager.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.
This release of Red Hat Decision Manager 7.9.0 serves as an update to Red Hat Decision Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* batik: SSRF via "xlink:href" (CVE-2019-17566)
* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* ant: insecure temporary file vulnerability (CVE-2020-1945)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)
* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875)
* mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933)
* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat Decision Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model \u0026 Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. \n\nThis release of Red Hat Decision Manager 7.9.0 serves as an update to Red Hat Decision Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* batik: SSRF via \"xlink:href\" (CVE-2019-17566)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\n* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875)\n\n* mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933)\n\n* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:4960", "url": "https://access.redhat.com/errata/RHSA-2020:4960" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhdm\u0026version=7.9.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhdm\u0026version=7.9.0" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.9/", "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.9/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1824301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1837444", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444" }, { "category": "external", "summary": "1848617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848617" }, { "category": "external", "summary": "1851014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014" }, { "category": "external", "summary": "1851019", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019" }, { "category": "external", "summary": "1851022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851022" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4960.json" } ], "title": "Red Hat Security Advisory: Red Hat Decision Manager 7.9.0 security update", "tracking": { "current_release_date": "2024-11-05T22:58:44+00:00", "generator": { "date": "2024-11-05T22:58:44+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:4960", "initial_release_date": "2020-11-05T18:47:03+00:00", "revision_history": [ { "date": "2020-11-05T18:47:03+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-11-05T18:47:03+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:58:44+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHDM 7.9.0", "product": { "name": "RHDM 7.9.0", "product_id": "RHDM 7.9.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7.9" } } } ], "category": "product_family", "name": "Red Hat Decision Manager" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:47:03+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4960" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "RHDM 7.9.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "RHDM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "cve": "CVE-2019-17566", "cwe": { "id": "CWE-352", "name": "Cross-Site Request Forgery (CSRF)" }, "discovery_date": "2020-06-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1848617" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack (SSRF) via \"xlink:href\" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "batik: SSRF via \"xlink:href\"", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-17566" }, { "category": "external", "summary": "RHBZ#1848617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17566", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17566" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17566", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17566" } ], "release_date": "2020-06-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:47:03+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4960" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "RHDM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "batik: SSRF via \"xlink:href\"" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:47:03+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4960" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "RHDM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "cve": "CVE-2020-1945", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2020-05-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1837444" } ], "notes": [ { "category": "description", "text": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.", "title": "Vulnerability description" }, { "category": "summary", "text": "ant: insecure temporary file vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1945" }, { "category": "external", "summary": "RHBZ#1837444", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1945", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1945" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945" } ], "release_date": "2020-05-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:47:03+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4960" }, { "category": "workaround", "details": "For versions 1.1 to 1.9.14 and 1.10.0 to 1.10.7, set the java.io.tmpdir system property to a private directory-- only readable and writable by the current user-- before running Ant.\n\nFor versions 1.9.15 and 1.10.8, use the Ant property ant.tmpfile instead. Ant 1.10.8 protects the temporary files if the underlying filesystem allows it, but using a private temporary directory is still recommended.", "product_ids": [ "RHDM 7.9.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "RHDM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ant: insecure temporary file vulnerability" }, { "cve": "CVE-2020-1954", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2020-04-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1824301" } ], "notes": [ { "category": "description", "text": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.", "title": "Vulnerability description" }, { "category": "summary", "text": "cxf: JMX integration is vulnerable to a MITM attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1954" }, { "category": "external", "summary": "RHBZ#1824301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1954", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1954" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954" } ], "release_date": "2020-04-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:47:03+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4960" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "RHDM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "cxf: JMX integration is vulnerable to a MITM attack" }, { "cve": "CVE-2020-2875", "discovery_date": "2020-06-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851019" } ], "notes": [ { "category": "description", "text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection and insert unauthorized SQL commands in MySQL Connectors and other products.", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections. It can be installed this way:\n\n # yum-config-manager --enable rhel-server-rhscl-7-rpms\n\n # yum install rh-mariadb103-mariadb-java-client", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-2875" }, { "category": "external", "summary": "RHBZ#1851019", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2875", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2875" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:47:03+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4960" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "RHDM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete" }, { "cve": "CVE-2020-2933", "discovery_date": "2020-06-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851022" } ], "notes": [ { "category": "description", "text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection, causing a denial of service of the MySQL Connectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections. It can be installed this way:\n\n # yum-config-manager --enable rhel-server-rhscl-7-rpms\n\n # yum install rh-mariadb103-mariadb-java-client", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-2933" }, { "category": "external", "summary": "RHBZ#1851022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2933", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2933" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2933", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2933" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:47:03+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4960" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "RHDM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS" }, { "cve": "CVE-2020-2934", "discovery_date": "2020-06-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851014" } ], "notes": [ { "category": "description", "text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection and insert unauthorized SQL commands.", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections. It can be installed this way:\n\n # yum-config-manager --enable rhel-server-rhscl-7-rpms\n\n # yum install rh-mariadb103-mariadb-java-client", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-2934" }, { "category": "external", "summary": "RHBZ#1851014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2934", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2934" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:47:03+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4960" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "RHDM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:47:03+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4960" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" }, "products": [ "RHDM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:47:03+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4960" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "RHDM 7.9.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "RHDM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:47:03+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4960" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "RHDM 7.9.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHDM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" } ] }
rhsa-2020_4961
Vulnerability from csaf_redhat
Published
2020-11-05 18:48
Modified
2024-11-05 22:58
Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.9.0 security update
Notes
Topic
An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This release of Red Hat Process Automation Manager 7.9.0 serves as an update to Red Hat Process Automation Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* batik: SSRF via "xlink:href" (CVE-2019-17566)
* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* ant: insecure temporary file vulnerability (CVE-2020-1945)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)
* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875)
* mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933)
* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis release of Red Hat Process Automation Manager 7.9.0 serves as an update to Red Hat Process Automation Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* batik: SSRF via \"xlink:href\" (CVE-2019-17566)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\n* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875)\n\n* mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933)\n\n* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:4961", "url": "https://access.redhat.com/errata/RHSA-2020:4961" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhpam\u0026version=7.9.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhpam\u0026version=7.9.0" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.9/", "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.9/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1824301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1837444", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444" }, { "category": "external", "summary": "1848617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848617" }, { "category": "external", "summary": "1851014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014" }, { "category": "external", "summary": "1851019", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019" }, { "category": "external", "summary": "1851022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851022" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4961.json" } ], "title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.9.0 security update", "tracking": { "current_release_date": "2024-11-05T22:58:36+00:00", "generator": { "date": "2024-11-05T22:58:36+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:4961", "initial_release_date": "2020-11-05T18:48:33+00:00", "revision_history": [ { "date": "2020-11-05T18:48:33+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-11-05T18:48:33+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:58:36+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHPAM 7.9.0", "product": { "name": "RHPAM 7.9.0", "product_id": "RHPAM 7.9.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.9" } } } ], "category": "product_family", "name": "Red Hat Process Automation Manager" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:48:33+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4961" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "RHPAM 7.9.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "RHPAM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "cve": "CVE-2019-17566", "cwe": { "id": "CWE-352", "name": "Cross-Site Request Forgery (CSRF)" }, "discovery_date": "2020-06-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1848617" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack (SSRF) via \"xlink:href\" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "batik: SSRF via \"xlink:href\"", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-17566" }, { "category": "external", "summary": "RHBZ#1848617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17566", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17566" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17566", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17566" } ], "release_date": "2020-06-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:48:33+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4961" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "RHPAM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "batik: SSRF via \"xlink:href\"" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:48:33+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4961" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "RHPAM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "cve": "CVE-2020-1945", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2020-05-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1837444" } ], "notes": [ { "category": "description", "text": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.", "title": "Vulnerability description" }, { "category": "summary", "text": "ant: insecure temporary file vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1945" }, { "category": "external", "summary": "RHBZ#1837444", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1945", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1945" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945" } ], "release_date": "2020-05-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:48:33+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4961" }, { "category": "workaround", "details": "For versions 1.1 to 1.9.14 and 1.10.0 to 1.10.7, set the java.io.tmpdir system property to a private directory-- only readable and writable by the current user-- before running Ant.\n\nFor versions 1.9.15 and 1.10.8, use the Ant property ant.tmpfile instead. Ant 1.10.8 protects the temporary files if the underlying filesystem allows it, but using a private temporary directory is still recommended.", "product_ids": [ "RHPAM 7.9.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "RHPAM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ant: insecure temporary file vulnerability" }, { "cve": "CVE-2020-1954", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2020-04-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1824301" } ], "notes": [ { "category": "description", "text": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.", "title": "Vulnerability description" }, { "category": "summary", "text": "cxf: JMX integration is vulnerable to a MITM attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1954" }, { "category": "external", "summary": "RHBZ#1824301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1954", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1954" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954" } ], "release_date": "2020-04-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:48:33+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4961" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "RHPAM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "cxf: JMX integration is vulnerable to a MITM attack" }, { "cve": "CVE-2020-2875", "discovery_date": "2020-06-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851019" } ], "notes": [ { "category": "description", "text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection and insert unauthorized SQL commands in MySQL Connectors and other products.", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections. It can be installed this way:\n\n # yum-config-manager --enable rhel-server-rhscl-7-rpms\n\n # yum install rh-mariadb103-mariadb-java-client", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-2875" }, { "category": "external", "summary": "RHBZ#1851019", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2875", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2875" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:48:33+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4961" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "RHPAM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete" }, { "cve": "CVE-2020-2933", "discovery_date": "2020-06-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851022" } ], "notes": [ { "category": "description", "text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection, causing a denial of service of the MySQL Connectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections. It can be installed this way:\n\n # yum-config-manager --enable rhel-server-rhscl-7-rpms\n\n # yum install rh-mariadb103-mariadb-java-client", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-2933" }, { "category": "external", "summary": "RHBZ#1851022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2933", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2933" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2933", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2933" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:48:33+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4961" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "RHPAM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS" }, { "cve": "CVE-2020-2934", "discovery_date": "2020-06-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851014" } ], "notes": [ { "category": "description", "text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection and insert unauthorized SQL commands.", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections. It can be installed this way:\n\n # yum-config-manager --enable rhel-server-rhscl-7-rpms\n\n # yum install rh-mariadb103-mariadb-java-client", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-2934" }, { "category": "external", "summary": "RHBZ#1851014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2934", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2934" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:48:33+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4961" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "RHPAM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:48:33+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4961" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" }, "products": [ "RHPAM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:48:33+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4961" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "RHPAM 7.9.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "RHPAM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.9.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-05T18:48:33+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.9.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4961" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "RHPAM 7.9.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHPAM 7.9.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" } ] }
rhsa-2020_3639
Vulnerability from csaf_redhat
Published
2020-09-07 12:58
Modified
2024-11-05 22:40
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
• wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)
* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n\u2022 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3639", "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-18366", "url": "https://issues.redhat.com/browse/JBEAP-18366" }, { "category": "external", "summary": "JBEAP-18667", "url": "https://issues.redhat.com/browse/JBEAP-18667" }, { "category": "external", "summary": "JBEAP-18849", "url": "https://issues.redhat.com/browse/JBEAP-18849" }, { "category": "external", "summary": "JBEAP-18880", "url": "https://issues.redhat.com/browse/JBEAP-18880" }, { "category": "external", "summary": "JBEAP-18906", "url": "https://issues.redhat.com/browse/JBEAP-18906" }, { "category": "external", "summary": "JBEAP-18919", "url": "https://issues.redhat.com/browse/JBEAP-18919" }, { "category": "external", "summary": "JBEAP-18965", "url": "https://issues.redhat.com/browse/JBEAP-18965" }, { "category": "external", "summary": "JBEAP-19040", "url": "https://issues.redhat.com/browse/JBEAP-19040" }, { "category": "external", "summary": "JBEAP-19058", "url": "https://issues.redhat.com/browse/JBEAP-19058" }, { "category": "external", "summary": "JBEAP-19120", "url": "https://issues.redhat.com/browse/JBEAP-19120" }, { "category": "external", "summary": "JBEAP-19255", "url": "https://issues.redhat.com/browse/JBEAP-19255" }, { "category": "external", "summary": "JBEAP-19271", "url": "https://issues.redhat.com/browse/JBEAP-19271" }, { "category": "external", "summary": "JBEAP-19315", "url": "https://issues.redhat.com/browse/JBEAP-19315" }, { "category": "external", "summary": "JBEAP-19463", "url": "https://issues.redhat.com/browse/JBEAP-19463" }, { "category": "external", "summary": "JBEAP-19565", "url": "https://issues.redhat.com/browse/JBEAP-19565" }, { "category": "external", "summary": "JBEAP-19587", "url": "https://issues.redhat.com/browse/JBEAP-19587" }, { "category": "external", "summary": "JBEAP-19620", "url": "https://issues.redhat.com/browse/JBEAP-19620" }, { "category": "external", "summary": "JBEAP-19624", "url": "https://issues.redhat.com/browse/JBEAP-19624" }, { "category": "external", "summary": "JBEAP-19703", "url": "https://issues.redhat.com/browse/JBEAP-19703" }, { "category": "external", "summary": "JBEAP-19704", "url": "https://issues.redhat.com/browse/JBEAP-19704" }, { "category": "external", "summary": "JBEAP-19798", "url": "https://issues.redhat.com/browse/JBEAP-19798" }, { "category": "external", "summary": "JBEAP-19837", "url": "https://issues.redhat.com/browse/JBEAP-19837" }, { "category": "external", "summary": "JBEAP-19875", "url": "https://issues.redhat.com/browse/JBEAP-19875" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3639.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update", "tracking": { "current_release_date": "2024-11-05T22:40:31+00:00", "generator": { "date": "2024-11-05T22:40:31+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:3639", "initial_release_date": "2020-09-07T12:58:06+00:00", "revision_history": [ { "date": "2020-09-07T12:58:06+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-09-07T12:58:06+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:40:31+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.2 for RHEL 8", "product": { "name": "Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.2.5-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client-microprofile@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-ejb@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-jta@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-web@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.2.9-4.GA_redhat_00003.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product_id": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.2.9-4.GA_redhat_00003.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.2.5-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "product": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "product": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "product": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src" }, "product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src" }, "product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "acknowledgments": [ { "names": [ "Mirko Selber" ], "organization": "Compass Security" } ], "cve": "CVE-2020-1695", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730462" } ], "notes": [ { "category": "description", "text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.", "title": "Vulnerability description" }, { "category": "summary", "text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1695" }, { "category": "external", "summary": "RHBZ#1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "acknowledgments": [ { "names": [ "An Trinh" ] } ], "cve": "CVE-2020-6950", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2019-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805006" } ], "notes": [ { "category": "description", "text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6950" }, { "category": "external", "summary": "RHBZ#1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950" }, { "category": "external", "summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24", "url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741", "url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571", "url": "https://github.com/eclipse-ee4j/mojarra/issues/4571" }, { "category": "external", "summary": "https://github.com/javaserverfaces/mojarra/issues/4364", "url": "https://github.com/javaserverfaces/mojarra/issues/4364" } ], "release_date": "2020-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371" }, { "cve": "CVE-2020-8840", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816330" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8840" }, { "category": "external", "summary": "RHBZ#1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking" }, { "cve": "CVE-2020-9546", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816332" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in shaded-hikari-config", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9546" }, { "category": "external", "summary": "RHBZ#1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in shaded-hikari-config" }, { "cve": "CVE-2020-9547", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816337" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in ibatis-sqlmap", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9547" }, { "category": "external", "summary": "RHBZ#1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in ibatis-sqlmap" }, { "cve": "CVE-2020-9548", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816340" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in anteros-core", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9548" }, { "category": "external", "summary": "RHBZ#1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in anteros-core" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2021_3140
Vulnerability from csaf_redhat
Published
2021-08-11 18:21
Modified
2024-11-05 23:50
Summary
Red Hat Security Advisory: Red Hat Fuse 7.9.0 release and security update
Notes
Topic
A minor version update (from 7.8 to 7.9) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* hawtio-osgi (CVE-2017-5645)
* prometheus-jmx-exporter: snakeyaml (CVE-2017-18640)
* apache-commons-compress (CVE-2019-12402)
* karaf-transaction-manager-narayana: netty (CVE-2019-16869, CVE-2019-20445)
* tomcat (CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2020-13934, CVE-2020-13935, CVE-2020-11996)
* spring-cloud-config-server (CVE-2020-5410)
* velocity (CVE-2020-13936)
* httpclient: apache-httpclient (CVE-2020-13956)
* shiro-core: shiro (CVE-2020-17510)
* hibernate-core (CVE-2020-25638)
* wildfly-openssl (CVE-2020-25644)
* jetty (CVE-2020-27216, CVE-2021-28165)
* bouncycastle (CVE-2020-28052)
* wildfly (CVE-2019-14887, CVE-2020-25640)
* resteasy-jaxrs: resteasy (CVE-2020-1695)
* camel-olingo4 (CVE-2020-1925)
* springframework (CVE-2020-5421)
* jsf-impl: Mojarra (CVE-2020-6950)
* resteasy (CVE-2020-10688)
* hibernate-validator (CVE-2020-10693)
* wildfly-elytron (CVE-2020-10714)
* undertow (CVE-2020-10719)
* activemq (CVE-2020-13920)
* cxf-core: cxf (CVE-2020-13954)
* fuse-apicurito-operator-container: golang.org/x/text (CVE-2020-14040)
* jboss-ejb-client: wildfly (CVE-2020-14297)
* xercesimpl: wildfly (CVE-2020-14338)
* xnio (CVE-2020-14340)
* flink: apache-flink (CVE-2020-17518)
* resteasy-client (CVE-2020-25633)
* xstream (CVE-2020-26258)
* mybatis (CVE-2020-26945)
* pdfbox (CVE-2021-27807, CVE-2021-27906)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A minor version update (from 7.8 to 7.9) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* hawtio-osgi (CVE-2017-5645)\n\n* prometheus-jmx-exporter: snakeyaml (CVE-2017-18640)\n\n* apache-commons-compress (CVE-2019-12402)\n\n* karaf-transaction-manager-narayana: netty (CVE-2019-16869, CVE-2019-20445)\n\n* tomcat (CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2020-13934, CVE-2020-13935, CVE-2020-11996)\n\n* spring-cloud-config-server (CVE-2020-5410)\n\n* velocity (CVE-2020-13936)\n\n* httpclient: apache-httpclient (CVE-2020-13956)\n\n* shiro-core: shiro (CVE-2020-17510)\n\n* hibernate-core (CVE-2020-25638)\n\n* wildfly-openssl (CVE-2020-25644)\n\n* jetty (CVE-2020-27216, CVE-2021-28165)\n\n* bouncycastle (CVE-2020-28052)\n\n* wildfly (CVE-2019-14887, CVE-2020-25640)\n\n* resteasy-jaxrs: resteasy (CVE-2020-1695)\n\n* camel-olingo4 (CVE-2020-1925)\n\n* springframework (CVE-2020-5421)\n\n* jsf-impl: Mojarra (CVE-2020-6950)\n\n* resteasy (CVE-2020-10688)\n\n* hibernate-validator (CVE-2020-10693)\n\n* wildfly-elytron (CVE-2020-10714)\n\n* undertow (CVE-2020-10719)\n\n* activemq (CVE-2020-13920)\n\n* cxf-core: cxf (CVE-2020-13954)\n\n* fuse-apicurito-operator-container: golang.org/x/text (CVE-2020-14040)\n\n* jboss-ejb-client: wildfly (CVE-2020-14297)\n\n* xercesimpl: wildfly (CVE-2020-14338)\n\n* xnio (CVE-2020-14340)\n\n* flink: apache-flink (CVE-2020-17518)\n\n* resteasy-client (CVE-2020-25633)\n\n* xstream (CVE-2020-26258)\n\n* mybatis (CVE-2020-26945)\n\n* pdfbox (CVE-2021-27807, CVE-2021-27906)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:3140", "url": "https://access.redhat.com/errata/RHSA-2021:3140" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.9.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.9.0" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/" }, { "category": "external", "summary": "1443635", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443635" }, { "category": "external", "summary": "1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "1758619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619" }, { "category": "external", "summary": "1764640", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764640" }, { "category": "external", "summary": "1772008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772008" }, { "category": "external", "summary": "1785376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785376" }, { "category": "external", "summary": "1790309", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790309" }, { "category": "external", "summary": "1798509", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798509" }, { "category": "external", "summary": "1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1806398", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398" }, { "category": "external", "summary": "1806835", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806835" }, { "category": "external", "summary": "1814974", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814974" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828459", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828459" }, { "category": "external", "summary": "1838332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1838332" }, { "category": "external", "summary": "1845626", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845626" }, { "category": "external", "summary": "1851420", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851420" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "1853652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652" }, { "category": "external", "summary": "1857024", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857024" }, { "category": "external", "summary": "1857040", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857040" }, { "category": "external", "summary": "1860054", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860054" }, { "category": "external", "summary": "1860218", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218" }, { "category": "external", "summary": "1879042", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879042" }, { "category": "external", "summary": "1880101", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880101" }, { "category": "external", "summary": "1881158", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881158" }, { "category": "external", "summary": "1881353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353" }, { "category": "external", "summary": "1881637", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881637" }, { "category": "external", "summary": "1885485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485" }, { "category": "external", "summary": "1886587", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886587" }, { "category": "external", "summary": "1887257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887257" }, { "category": "external", "summary": "1891132", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891132" }, { "category": "external", "summary": "1898235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898235" }, { "category": "external", "summary": "1903727", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903727" }, { "category": "external", "summary": "1908832", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908832" }, { "category": "external", "summary": "1912881", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881" }, { "category": "external", "summary": "1913312", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913312" }, { "category": "external", "summary": "1937440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937440" }, { "category": "external", "summary": "1941050", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941050" }, { "category": "external", "summary": "1941055", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941055" }, { "category": "external", "summary": "1945714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945714" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3140.json" } ], "title": "Red Hat Security Advisory: Red Hat Fuse 7.9.0 release and security update", "tracking": { "current_release_date": "2024-11-05T23:50:25+00:00", "generator": { "date": "2024-11-05T23:50:25+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:3140", "initial_release_date": "2021-08-11T18:21:58+00:00", "revision_history": [ { "date": "2021-08-11T18:21:58+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-08-11T18:21:58+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:50:25+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Fuse 7.9", "product": { "name": "Red Hat Fuse 7.9", "product_id": "Red Hat Fuse 7.9", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_fuse:7" } } } ], "category": "product_family", "name": "Red Hat JBoss Fuse" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-5645", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2017-04-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1443635" } ], "notes": [ { "category": "description", "text": "It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: Socket receiver deserialization vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "The flaw in Log4j-1.x is now identified by CVE-2019-17571. CVE-2017-5645 has been assigned by MITRE to a similar flaw identified in Log4j-2.x", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-5645" }, { "category": "external", "summary": "RHBZ#1443635", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443635" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-5645", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5645" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5645", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5645" } ], "release_date": "2017-04-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j: Socket receiver deserialization vulnerability" }, { "cve": "CVE-2017-18640", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2019-12-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785376" } ], "notes": [ { "category": "description", "text": "The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Billion laughs attack via alias feature", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-18640" }, { "category": "external", "summary": "RHBZ#1785376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785376" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-18640", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18640" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18640", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18640" } ], "release_date": "2019-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Billion laughs attack via alias feature" }, { "cve": "CVE-2019-12402", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2019-10-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1764640" } ], "notes": [ { "category": "description", "text": "A resource consumption vulnerability was discovered in apache-commons-compress in the way NioZipEncoding encodes filenames. Applications that use Compress to create archives, with one of the filenames within the archive being controlled by the user, may be vulnerable to this flaw. A remote attacker could exploit this flaw to cause an infinite loop during the archive creation, thus leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-compress: Infinite loop in name encoding algorithm", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of apache-commons-compress as shipped with Red Hat Enterprise Linux 7, and the versions of rh-java-common-apache-commons-compress and rh-maven35-apache-commons-compress as shipped with Red Hat Software Collections 3, as they used a fallback zip encoding implementation (leveraging java.io) to encode filenames.\nThis issue does not affect the versions of rh-maven36-apache-commons-compress as shipped with Red Hat Software Collection 3 as they already include the patch.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12402" }, { "category": "external", "summary": "RHBZ#1764640", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764640" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12402", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12402" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12402", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12402" } ], "release_date": "2019-08-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-commons-compress: Infinite loop in name encoding algorithm" }, { "cve": "CVE-2019-14887", "cwe": { "id": "CWE-757", "name": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)" }, "discovery_date": "2019-11-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1772008" } ], "notes": [ { "category": "description", "text": "A flaw was found when an OpenSSL security provider is used with Wildfly, the \u0027enabled-protocols\u0027 value in the Wildfly configuration isn\u0027t honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14887" }, { "category": "external", "summary": "RHBZ#1772008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772008" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14887", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14887" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14887", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14887" } ], "release_date": "2020-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" }, { "category": "workaround", "details": "Avoid using an OpenSSL security provider and instead use the default configuration or regular JSSE provider with \u0027TLS\u0027.", "product_ids": [ "Red Hat Fuse 7.9" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use" }, { "cve": "CVE-2019-16869", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1758619" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that this vulnerability does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16869" }, { "category": "external", "summary": "RHBZ#1758619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16869", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16869" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869" } ], "release_date": "2019-09-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" }, { "category": "workaround", "details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings", "product_ids": [ "Red Hat Fuse 7.9" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers" }, { "cve": "CVE-2019-20445", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-01-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1798509" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a server, it could result in a viable HTTP smuggling vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that the previous vulnerability, CVE-2019-16869, does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit both these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships a vulnerable version of netty embedded in Candlepin. However, the flaw can not be triggered in that context, because HTTP requests are handled by Tomcat, not by netty. A future release may fix this.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-20445" }, { "category": "external", "summary": "RHBZ#1798509", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798509" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20445", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20445" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20445", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20445" } ], "release_date": "2020-01-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" }, { "category": "workaround", "details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings", "product_ids": [ "Red Hat Fuse 7.9" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header" }, { "acknowledgments": [ { "names": [ "Mirko Selber" ], "organization": "Compass Security" } ], "cve": "CVE-2020-1695", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730462" } ], "notes": [ { "category": "description", "text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.", "title": "Vulnerability description" }, { "category": "summary", "text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1695" }, { "category": "external", "summary": "RHBZ#1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class" }, { "cve": "CVE-2020-1925", "cwe": { "id": "CWE-352", "name": "Cross-Site Request Forgery (CSRF)" }, "discovery_date": "2020-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1790309" } ], "notes": [ { "category": "description", "text": "Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can make the client call any URL including internal resources which are not directly accessible by the attacker.", "title": "Vulnerability description" }, { "category": "summary", "text": "olingo-odata: Server side request forgery in AsyncResponseWrapperImpl", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1925" }, { "category": "external", "summary": "RHBZ#1790309", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790309" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1925", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1925" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1925", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1925" } ], "release_date": "2020-01-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "olingo-odata: Server side request forgery in AsyncResponseWrapperImpl" }, { "acknowledgments": [ { "names": [ "@ZeddYu" ], "organization": "Apache Tomcat Security Team" } ], "cve": "CVE-2020-1935", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-12-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1806835" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. The highest threat with this vulnerability is system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight in Red Hat OpenStack 10 \u0026 13 was in technical preview status, because of this no fixes will be released for it.\n\nIn Red Hat Satellite 6, Candlepin is using Tomcat to provide a REST API, and has been found to be vulnerable to the flaw. However, it is currently believed that no useful attacks can be carried over.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1935" }, { "category": "external", "summary": "RHBZ#1806835", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806835" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1935", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1935" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100", "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51" }, { "category": "external", "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31", "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31" } ], "release_date": "2020-02-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" }, { "category": "workaround", "details": "Workaround for Red Hat Satellite 6 is to add iptables rule to deny TCP requests of Tomcat that are not originating from the Satellite.\n\nFor other Red Hat products, either mitigation isn\u0027t available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat Fuse 7.9" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling" }, { "cve": "CVE-2020-1938", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1806398" } ], "notes": [ { "category": "description", "text": "CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1745", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1938" }, { "category": "external", "summary": "RHBZ#1806398", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1938", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1938" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938" }, { "category": "external", "summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/", "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100", "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51" }, { "category": "external", "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31", "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31" }, { "category": "external", "summary": "https://www.cnvd.org.cn/webinfo/show/5415", "url": "https://www.cnvd.org.cn/webinfo/show/5415" }, { "category": "external", "summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487", "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2020-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" }, { "category": "workaround", "details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251", "product_ids": [ "Red Hat Fuse 7.9" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-03-03T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Low" } ], "title": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability" }, { "cve": "CVE-2020-5410", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2020-06-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1845626" } ], "notes": [ { "category": "description", "text": "A flaw was found in spring-cloud-config in versions prior to 2.1.9 and 2.2.3. Applications are allowed to serve arbitrary configuration files through the spring-cloud-config-server module allowing an attacker to send a request using a specially crafted URL to create a directory traversal attack. The highest threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-5410" }, { "category": "external", "summary": "RHBZ#1845626", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845626" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5410", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5410" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-5410", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5410" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2020-05-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" }, { "category": "workaround", "details": "Users of vulnerable versions or older, unsupported versions of spring-cloud-config-server should upgrade to a patched version. Spring-cloud-config-server should only be accessible on internal networks.", "product_ids": [ "Red Hat Fuse 7.9" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-03-25T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Low" } ], "title": "spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack" }, { "cve": "CVE-2020-5421", "discovery_date": "2020-09-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1881158" } ], "notes": [ { "category": "description", "text": "In Spring Framework, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: RFD protection bypass via jsessionid", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the version of SpringFramework (embedded in rhvm-dependencies) shipped with Red Hat Virtualization, as it does not provide support for spring-web.\n\nIn Red Hat Gluster Storage 3, SpringFramework (embedded in rhvm-dependencies) was shipped as a part of Red Hat Gluster Storage Console that is no longer supported for use with Red Hat Gluster Storage 3.5. However, spring-web is not included in the shipped version of SpringFramework.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-5421" }, { "category": "external", "summary": "RHBZ#1881158", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881158" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5421", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5421" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-5421", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5421" } ], "release_date": "2020-09-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "springframework: RFD protection bypass via jsessionid" }, { "acknowledgments": [ { "names": [ "An Trinh" ] } ], "cve": "CVE-2020-6950", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2019-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805006" } ], "notes": [ { "category": "description", "text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6950" }, { "category": "external", "summary": "RHBZ#1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950" }, { "category": "external", "summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24", "url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741", "url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571", "url": "https://github.com/eclipse-ee4j/mojarra/issues/4571" }, { "category": "external", "summary": "https://github.com/javaserverfaces/mojarra/issues/4364", "url": "https://github.com/javaserverfaces/mojarra/issues/4364" } ], "release_date": "2020-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "Red Hat Fuse 7.9" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371" }, { "cve": "CVE-2020-9484", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-05-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1838332" } ], "notes": [ { "category": "description", "text": "A deserialization flaw was discovered in Apache Tomcat\u0027s use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: deserialization flaw in session persistence storage leading to RCE", "title": "Vulnerability summary" }, { "category": "other", "text": "In Red Hat Enterprise Linux 8, Red Hat Certificate System 10 and Identity Management are using the pki-servlet-engine component, which embeds a vulnerable version of Tomcat. However, in these specific contexts, the prerequisites to the vulnerability are not met. The PersistentManager is not set, and a SecurityManager is used. The use of pki-servlet-engine outside of these contexts is not supported. As a result, the vulnerability can not be triggered in supported configurations of these products. A future update may update Tomcat in pki-servlet-engine.\n\nRed Hat Satellite do not ship Tomcat and rather use its configuration. The product is not affected because configuration does not make use of PersistanceManager or FileStore. Tomcat updates can be obtain from Red Hat Enterprise Linux (RHEL) RHSA.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9484" }, { "category": "external", "summary": "RHBZ#1838332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1838332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9484", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9484" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9484", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9484" }, { "category": "external", "summary": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202005.mbox/%3Ce3a0a517-bf82-ba62-0af6-24b83ea0e4e2%40apache.org%3E", "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202005.mbox/%3Ce3a0a517-bf82-ba62-0af6-24b83ea0e4e2%40apache.org%3E" }, { "category": "external", "summary": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M5", "url": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M5" }, { "category": "external", "summary": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104", "url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104" }, { "category": "external", "summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55", "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55" }, { "category": "external", "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.35", "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.35" } ], "release_date": "2020-05-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" }, { "category": "workaround", "details": "Users may configure the PersistenceManager with an appropriate value for sessionAttributeValueClassNameFilter to ensure that only application provided attributes are serialized and deserialized. For more details about the configuration, refer to the Apache Tomcat 9 Configuration Reference https://tomcat.apache.org/tomcat-9.0-doc/config/manager.html.", "product_ids": [ "Red Hat Fuse 7.9" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: deserialization flaw in session persistence storage leading to RCE" }, { "cve": "CVE-2020-10688", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1814974" } ], "notes": [ { "category": "description", "text": "A cross-site scripting (XSS) flaw was found in RESTEasy, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10688" }, { "category": "external", "summary": "RHBZ#1814974", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814974" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10688", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10688" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10688", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10688" }, { "category": "external", "summary": "https://github.com/quarkusio/quarkus/issues/7248", "url": "https://github.com/quarkusio/quarkus/issues/7248" }, { "category": "external", "summary": "https://issues.redhat.com/browse/RESTEASY-2519", "url": "https://issues.redhat.com/browse/RESTEASY-2519" } ], "release_date": "2020-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "Red Hat Fuse 7.9" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "Red Hat Fuse 7.9" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "ZeddYu" ] } ], "cve": "CVE-2020-10719", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-02-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828459" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: invalid HTTP request with large chunk size", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10719" }, { "category": "external", "summary": "RHBZ#1828459", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828459" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10719", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10719" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10719", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10719" } ], "release_date": "2020-05-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: invalid HTTP request with large chunk size" }, { "cve": "CVE-2020-11996", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-06-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851420" } ], "notes": [ { "category": "description", "text": "A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of RHOSP14 and is only receiving security fixes for Important and Critical flaws.\nApache Tomcat versions as shipped with Red Hat Enterprise Linux 6 and 7 are not affected by this flaw as it doesn\u0027t support HTTP/2 protocol.\nRed Hat Enterprise Linux 8\u0027s Identity Management is using an affected version of Tomcat bundled within PKI servlet engine, however HTTP/2 protocol is not supported by this component.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11996" }, { "category": "external", "summary": "RHBZ#1851420", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851420" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11996", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11996" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11996", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11996" }, { "category": "external", "summary": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202006.mbox/%3Cfd56bc1d-1219-605b-99c7-946bf7bd8ad4%40apache.org%3E", "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202006.mbox/%3Cfd56bc1d-1219-605b-99c7-946bf7bd8ad4%40apache.org%3E" }, { "category": "external", "summary": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M6", "url": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M6" }, { "category": "external", "summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.56", "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.56" }, { "category": "external", "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.36", "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.36" } ], "release_date": "2020-06-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS" }, { "cve": "CVE-2020-13920", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2020-09-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1880101" } ], "notes": [ { "category": "description", "text": "Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the \"jmxrmi\" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects.", "title": "Vulnerability description" }, { "category": "summary", "text": "activemq: improper authentication allows MITM attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-13920" }, { "category": "external", "summary": "RHBZ#1880101", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880101" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13920", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13920" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13920", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13920" } ], "release_date": "2020-09-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "activemq: improper authentication allows MITM attack" }, { "cve": "CVE-2020-13934", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1857040" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Tomcat, where an h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests are made, an OutOfMemoryException could occur, leading to a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Certificate System 10.0 and Red Hat Enterprise Linux 8\u0027s Identity Management, are using a vulnerable version of Tomcat that is bundled into the pki-servlet-engine component. However, HTTP/2 is not enabled in such a configuration, and it is not possible to trigger the flaw in a supported setup. A future update may fix the code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-13934" }, { "category": "external", "summary": "RHBZ#1857040", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857040" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13934", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13934" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13934", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13934" }, { "category": "external", "summary": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202007.mbox/%3Cad62f54e-8fd7-e326-25f1-3bdf1ffa3818%40apache.org%3E", "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202007.mbox/%3Cad62f54e-8fd7-e326-25f1-3bdf1ffa3818%40apache.org%3E" }, { "category": "external", "summary": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M7", "url": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M7" }, { "category": "external", "summary": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.105", "url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.105" }, { "category": "external", "summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57", "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57" }, { "category": "external", "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37", "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37" } ], "release_date": "2020-07-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS" }, { "cve": "CVE-2020-13935", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1857024" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Certificate System 10.0 as well as Red Hat Enterprise Linux 8\u0027s Identity Management, are using a vulnerable version of Tomcat, bundled into the pki-servlet-engine component. However, there is no entry point for WebSockets, thus it is not possible to trigger the flaw in a supported setup. A future update may fix the code. Similarly, Red Hat OpenStack Platform 13 does not ship with WebSocket functionality enabled by default.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-13935" }, { "category": "external", "summary": "RHBZ#1857024", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857024" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13935", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13935" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13935", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13935" }, { "category": "external", "summary": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E", "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E" }, { "category": "external", "summary": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M7", "url": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M7" }, { "category": "external", "summary": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.105", "url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.105" }, { "category": "external", "summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57", "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57" }, { "category": "external", "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37", "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37" } ], "release_date": "2020-07-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.", "product_ids": [ "Red Hat Fuse 7.9" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS" }, { "cve": "CVE-2020-13936", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2021-03-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1937440" } ], "notes": [ { "category": "description", "text": "A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "velocity: arbitrary code execution when attacker is able to modify templates", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) openshift-logging/elasticsearch6-rhel8 container does contain a vulnerable version of velocity. The references to the library only occur in the x-pack component which is an enterprise-only feature of Elasticsearch - hence it has been marked as wontfix as this time and may be fixed in a future release. Additionally the hive container only references velocity in the testutils of the code but the code still exists in the container, as such it has been given a Moderate impact.\n\n* Velocity as shipped with Red Hat Enterprise Linux 6 is not affected because it does not contain the vulnerable code.\n\n* Velocity as shipped with Red Hat Enterprise Linux 7 contains a vulnerable version, but it is used as a dependency for IdM/ipa, which does not use the vulnerable functionality. It has been marked as Moderate for this reason.\n\n* Although velocity shipped in Red Hat Enterprise Linux 8\u0027s pki-deps:10.6 for IdM/ipa is a vulnerable version, the vulnerable code is not used by pki. It has been marked as Low for this reason.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-13936" }, { "category": "external", "summary": "RHBZ#1937440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937440" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13936", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13936" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13936", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13936" } ], "release_date": "2021-03-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "velocity: arbitrary code execution when attacker is able to modify templates" }, { "cve": "CVE-2020-13954", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-11-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1898235" } ], "notes": [ { "category": "description", "text": "By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.", "title": "Vulnerability description" }, { "category": "summary", "text": "cxf: XSS via the styleSheetPath", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-13954" }, { "category": "external", "summary": "RHBZ#1898235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13954", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13954" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13954", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13954" } ], "release_date": "2020-11-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" }, { "category": "workaround", "details": "Users can disable the service listing altogether by setting the \"hide-service-list-page\" servlet parameter to \"true\".", "product_ids": [ "Red Hat Fuse 7.9" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "cxf: XSS via the styleSheetPath" }, { "cve": "CVE-2020-13956", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-10-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1886587" } ], "notes": [ { "category": "description", "text": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-httpclient: incorrect handling of malformed authority component in request URIs", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable httpclient library to authenticated users only. Additionally the vulnerable httpclient library is not used directly in OCP components, therefore the impact by this vulnerability is Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\nIn the Red Hat Enterprise Linux platforms, Maven 35 and 36 are affected via their respective `httpcomponents-client` component.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-13956" }, { "category": "external", "summary": "RHBZ#1886587", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886587" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13956", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13956" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2020/10/08/4", "url": "https://www.openwall.com/lists/oss-security/2020/10/08/4" } ], "release_date": "2020-10-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-httpclient: incorrect handling of malformed authority component in request URIs" }, { "cve": "CVE-2020-14040", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2020-06-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853652" } ], "notes": [ { "category": "description", "text": "A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash", "title": "Vulnerability summary" }, { "category": "other", "text": "* OpenShift ServiceMesh (OSSM) 1.0 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities. Jaeger was packaged with ServiceMesh in 1.0, and hence is also marked OOSS, but the Jaeger-Operator is a standalone product and is affected by this vulnerability.\n\n* Because Service Telemetry Framework does not directly use unicode.UTF16, no update will be provided at this time for STF\u0027s sg-core-container.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14040" }, { "category": "external", "summary": "RHBZ#1853652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14040", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14040" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040" }, { "category": "external", "summary": "https://github.com/golang/go/issues/39491", "url": "https://github.com/golang/go/issues/39491" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0", "url": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0" } ], "release_date": "2020-06-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14338", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-07-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1860054" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the \"use-grammar-pool-only\" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14338" }, { "category": "external", "summary": "RHBZ#1860054", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860054" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14338", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14338" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14338", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14338" } ], "release_date": "2020-08-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl" }, { "acknowledgments": [ { "names": [ "Masafumi Miura" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-14340", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1860218" } ], "notes": [ { "category": "description", "text": "A flaw was found in xnio. A file descriptor leak caused by growing amounts of NIO Selector file, handled between garbage collection cycles, may allow the attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14340" }, { "category": "external", "summary": "RHBZ#1860218", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14340", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14340" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14340", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14340" } ], "release_date": "2020-07-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS" }, { "cve": "CVE-2020-17510", "cwe": { "id": "CWE-290", "name": "Authentication Bypass by Spoofing" }, "discovery_date": "2020-11-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1903727" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache shiro. When using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. This highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "shiro: specially crafted HTTP request may cause an authentication bypass", "title": "Vulnerability summary" }, { "category": "other", "text": "Whilst the OpenDaylight version that is included in Red Hat OpenStack Platform includes the affected code, the vulnerable function is not used and therefore not exploitable.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-17510" }, { "category": "external", "summary": "RHBZ#1903727", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903727" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-17510", "url": "https://www.cve.org/CVERecord?id=CVE-2020-17510" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-17510", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17510" } ], "release_date": "2020-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "shiro: specially crafted HTTP request may cause an authentication bypass" }, { "cve": "CVE-2020-17518", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-01-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1913312" } ], "notes": [ { "category": "description", "text": "Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-flink: directory traversal attack allows remote file writing through the REST API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-17518" }, { "category": "external", "summary": "RHBZ#1913312", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913312" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-17518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-17518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-17518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17518" } ], "release_date": "2021-01-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-flink: directory traversal attack allows remote file writing through the REST API" }, { "cve": "CVE-2020-25633", "cwe": { "id": "CWE-209", "name": "Generation of Error Message Containing Sensitive Information" }, "discovery_date": "2020-09-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1879042" } ], "notes": [ { "category": "description", "text": "A flaw was found in the RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. This flaw allows client users to obtain the server\u0027s potentially sensitive information when the server receives the WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client\u0027s WebApplicationException handling", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25633" }, { "category": "external", "summary": "RHBZ#1879042", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879042" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25633", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25633" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25633", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25633" } ], "release_date": "2020-09-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client\u0027s WebApplicationException handling" }, { "cve": "CVE-2020-25638", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2020-09-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1881353" } ], "notes": [ { "category": "description", "text": "A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used", "title": "Vulnerability summary" }, { "category": "other", "text": "For Red Hat Process Automation Manager and Red Hat Decision Manager, the kie-server-ee7 zip is primarily for Weblogic/Websphere which is decided to stay on hibernate 5.1.x, it\u0027s not possible to make an upgrade to 5.3.x due to technical reasons. For this reason this fix is included only for kie-server-ee7. For this reason there are two components for RHPAM and RHDM.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25638" }, { "category": "external", "summary": "RHBZ#1881353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25638", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25638" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638" } ], "release_date": "2020-10-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" }, { "category": "workaround", "details": "Set hibernate.use_sql_comments to false, which is the default value, or use named parameters instead of literals. Please refer to details in https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#configurations-logging and https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#sql-query-parameters.", "product_ids": [ "Red Hat Fuse 7.9" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used" }, { "cve": "CVE-2020-25640", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "discovery_date": "2020-09-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1881637" } ], "notes": [ { "category": "description", "text": "A flaw was found in wildfly. JMS passwords are logged by the resource adaptor in plain text at the warning level when a connection error occurs allowing any user that has access to the log to gain access to this sensitive information. The highest threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: resource adapter logs plaintext JMS password at warning level on connection error", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25640" }, { "category": "external", "summary": "RHBZ#1881637", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881637" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25640", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25640" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25640", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25640" }, { "category": "external", "summary": "https://github.com/amqphub/amqp-10-resource-adapter/issues/13", "url": "https://github.com/amqphub/amqp-10-resource-adapter/issues/13" } ], "release_date": "2020-09-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: resource adapter logs plaintext JMS password at warning level on connection error" }, { "cve": "CVE-2020-25644", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2020-05-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1885485" } ], "notes": [ { "category": "description", "text": "A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25644" }, { "category": "external", "summary": "RHBZ#1885485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25644", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25644" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25644", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25644" } ], "release_date": "2020-09-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat Fuse 7.9" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL" }, { "cve": "CVE-2020-26258", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2020-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1908832" } ], "notes": [ { "category": "description", "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream\u0027s Security Framework with a whitelist! Anyone relying on XStream\u0027s default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers jenkins package with bundled XStream library. Due to JEP-200 Jenkins project [1] and advisory SECURITY-383 [2], OCP jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://www.jenkins.io/security/advisory/2017-02-01/ (see SECURITY-383 / CVE-2017-2608)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-26258" }, { "category": "external", "summary": "RHBZ#1908832", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908832" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26258", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26258" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26258", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26258" } ], "release_date": "2020-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" }, { "category": "workaround", "details": "As recommended, use XStream\u0027s security framework to implement a whitelist for the allowed types.\n\nUsers of XStream 1.4.14 who insist to use XStream default blacklist - despite that clear recommendation - can simply add two lines to XStream\u0027s setup code:\n\nxstream.denyTypes(new String[]{ \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.13 who want to use XStream default blacklist can simply add three lines to XStream\u0027s setup code:\n\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.12 to 1.4.7 who want to use XStream with a blacklist will have to setup such a list from scratch and deny at least the following types: javax.imageio.ImageIO$ContainsFilter, java.beans.EventHandler, java.lang.ProcessBuilder, jdk.nashorn.internal.objects.NativeString, java.lang.Void and void and deny several types by name pattern.\n\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\$LazyIterator\", \"javax\\\\.crypto\\\\..*\", \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.6 or below can register an own converter to prevent the unmarshalling of the currently know critical types of the Java runtime. It is in fact an updated version of the workaround for CVE-2013-7285:\n\nxstream.registerConverter(new Converter() {\n public boolean canConvert(Class type) {\n return type != null \u0026\u0026 (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class\n || type.getName().equals(\"javax.imageio.ImageIO$ContainsFilter\") || type.getName().equals(\"jdk.nashorn.internal.objects.NativeString\")\n || type == java.lang.Void.class || void.class || Proxy.isProxy(type)\n || type.getName().startsWith(\"javax.crypto.\") || type.getName().endsWith(\"$LazyIterator\") || type.getName().endsWith(\".ReadAllStream$FileStream\"));\n }\n\n public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {\n throw new ConversionException(\"Unsupported type due to security reasons.\");\n }\n\n public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {\n throw new ConversionException(\"Unsupported type due to security reasons.\");\n }\n}, XStream.PRIORITY_LOW);", "product_ids": [ "Red Hat Fuse 7.9" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling" }, { "cve": "CVE-2020-26945", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887257" } ], "notes": [ { "category": "description", "text": "MyBatis before 3.5.6 mishandles deserialization of object streams.", "title": "Vulnerability description" }, { "category": "summary", "text": "mybatis: mishandles deserialization of object streams which could result in remote code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-26945" }, { "category": "external", "summary": "RHBZ#1887257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887257" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26945", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26945" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26945", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26945" } ], "release_date": "2020-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mybatis: mishandles deserialization of object streams which could result in remote code execution" }, { "cve": "CVE-2020-27216", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2020-10-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1891132" } ], "notes": [ { "category": "description", "text": "In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system\u0027s temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: local temporary directory hijacking vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-27216" }, { "category": "external", "summary": "RHBZ#1891132", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891132" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27216", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27216" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27216", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27216" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053" } ], "release_date": "2020-10-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" }, { "category": "workaround", "details": "Jetty users should create temp folders outside the normal /tmp structure, and ensure that their permissions are set so as not to be accessible by an attacker.", "product_ids": [ "Red Hat Fuse 7.9" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: local temporary directory hijacking vulnerability" }, { "cve": "CVE-2020-28052", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2021-01-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1912881" } ], "notes": [ { "category": "description", "text": "A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28052" }, { "category": "external", "summary": "RHBZ#1912881", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28052", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28052" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052" } ], "release_date": "2020-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" }, { "category": "workaround", "details": "Users unable to upgrade to version 1.67 or greater can copy the `OpenBSDBCrypt.doCheckPassword()` method implementation (https://github.com/bcgit/bc-java/blob/r1rv67/core/src/main/java/org/bouncycastle/crypto/generators/OpenBSDBCrypt.java#L259-L343) into their own utility class and supplement it with the required methods and variables as required", "product_ids": [ "Red Hat Fuse 7.9" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible" }, { "cve": "CVE-2021-27568", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1939839" } ], "notes": [ { "category": "description", "text": "A flaw was found in json-smart. When an exception is thrown from a function, but is not caught, the program using the library may crash or expose sensitive information. The highest threat from this vulnerability is to data confidentiality and system availability.\r\n\r\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of json-smart package.\r\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\r\nThis may be fixed in the future.\r\n\r\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Vulnerability description" }, { "category": "summary", "text": "json-smart: uncaught exception may lead to crash or information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-27568" }, { "category": "external", "summary": "RHBZ#1939839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939839" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27568", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27568" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27568", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27568" } ], "release_date": "2021-02-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "json-smart: uncaught exception may lead to crash or information disclosure" }, { "cve": "CVE-2021-27807", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2021-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1941055" } ], "notes": [ { "category": "description", "text": "A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.", "title": "Vulnerability description" }, { "category": "summary", "text": "pdfbox: infinite loop while loading a crafted PDF file", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-27807" }, { "category": "external", "summary": "RHBZ#1941055", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941055" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27807", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27807" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27807", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27807" } ], "release_date": "2021-03-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "pdfbox: infinite loop while loading a crafted PDF file" }, { "cve": "CVE-2021-27906", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1941050" } ], "notes": [ { "category": "description", "text": "A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.", "title": "Vulnerability description" }, { "category": "summary", "text": "pdfbox: OutOfMemory-Exception while loading a crafted PDF file", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-27906" }, { "category": "external", "summary": "RHBZ#1941050", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941050" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27906" } ], "release_date": "2021-03-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "pdfbox: OutOfMemory-Exception while loading a crafted PDF file" }, { "cve": "CVE-2021-28165", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-04-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1945714" } ], "notes": [ { "category": "description", "text": "When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: Resource exhaustion when receiving an invalid large TLS frame", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated\n\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-28165" }, { "category": "external", "summary": "RHBZ#1945714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-28165", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28165" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28165", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28165" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w" } ], "release_date": "2021-04-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-11T18:21:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/", "product_ids": [ "Red Hat Fuse 7.9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.9" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: Resource exhaustion when receiving an invalid large TLS frame" } ] }
rhsa-2020_3637
Vulnerability from csaf_redhat
Published
2020-09-07 12:57
Modified
2024-11-05 22:40
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
• wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)
* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n\u2022 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3637", "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-18366", "url": "https://issues.redhat.com/browse/JBEAP-18366" }, { "category": "external", "summary": "JBEAP-18667", "url": "https://issues.redhat.com/browse/JBEAP-18667" }, { "category": "external", "summary": "JBEAP-18849", "url": "https://issues.redhat.com/browse/JBEAP-18849" }, { "category": "external", "summary": "JBEAP-18880", "url": "https://issues.redhat.com/browse/JBEAP-18880" }, { "category": "external", "summary": "JBEAP-18906", "url": "https://issues.redhat.com/browse/JBEAP-18906" }, { "category": "external", "summary": "JBEAP-18919", "url": "https://issues.redhat.com/browse/JBEAP-18919" }, { "category": "external", "summary": "JBEAP-18965", "url": "https://issues.redhat.com/browse/JBEAP-18965" }, { "category": "external", "summary": "JBEAP-19038", "url": "https://issues.redhat.com/browse/JBEAP-19038" }, { "category": "external", "summary": "JBEAP-19058", "url": "https://issues.redhat.com/browse/JBEAP-19058" }, { "category": "external", "summary": "JBEAP-19120", "url": "https://issues.redhat.com/browse/JBEAP-19120" }, { "category": "external", "summary": "JBEAP-19255", "url": "https://issues.redhat.com/browse/JBEAP-19255" }, { "category": "external", "summary": "JBEAP-19271", "url": "https://issues.redhat.com/browse/JBEAP-19271" }, { "category": "external", "summary": "JBEAP-19315", "url": "https://issues.redhat.com/browse/JBEAP-19315" }, { "category": "external", "summary": "JBEAP-19463", "url": "https://issues.redhat.com/browse/JBEAP-19463" }, { "category": "external", "summary": "JBEAP-19565", "url": "https://issues.redhat.com/browse/JBEAP-19565" }, { "category": "external", "summary": "JBEAP-19587", "url": "https://issues.redhat.com/browse/JBEAP-19587" }, { "category": "external", "summary": "JBEAP-19620", "url": "https://issues.redhat.com/browse/JBEAP-19620" }, { "category": "external", "summary": "JBEAP-19624", "url": "https://issues.redhat.com/browse/JBEAP-19624" }, { "category": "external", "summary": "JBEAP-19703", "url": "https://issues.redhat.com/browse/JBEAP-19703" }, { "category": "external", "summary": "JBEAP-19704", "url": "https://issues.redhat.com/browse/JBEAP-19704" }, { "category": "external", "summary": "JBEAP-19798", "url": "https://issues.redhat.com/browse/JBEAP-19798" }, { "category": "external", "summary": "JBEAP-19837", "url": "https://issues.redhat.com/browse/JBEAP-19837" }, { "category": "external", "summary": "JBEAP-19875", "url": "https://issues.redhat.com/browse/JBEAP-19875" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3637.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update", "tracking": { "current_release_date": "2024-11-05T22:40:48+00:00", "generator": { "date": "2024-11-05T22:40:48+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:3637", "initial_release_date": "2020-09-07T12:57:26+00:00", "revision_history": [ { "date": "2020-09-07T12:57:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-09-07T12:57:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:40:48+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product": { "name": "Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.2.5-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client-microprofile@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-ejb@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-jta@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-web@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.2.9-4.GA_redhat_00003.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product_id": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.2.9-4.GA_redhat_00003.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.2.5-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "product": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "product": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "product": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el6eap?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src" }, "product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src" }, "product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "acknowledgments": [ { "names": [ "Mirko Selber" ], "organization": "Compass Security" } ], "cve": "CVE-2020-1695", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730462" } ], "notes": [ { "category": "description", "text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.", "title": "Vulnerability description" }, { "category": "summary", "text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1695" }, { "category": "external", "summary": "RHBZ#1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "acknowledgments": [ { "names": [ "An Trinh" ] } ], "cve": "CVE-2020-6950", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2019-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805006" } ], "notes": [ { "category": "description", "text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6950" }, { "category": "external", "summary": "RHBZ#1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950" }, { "category": "external", "summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24", "url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741", "url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571", "url": "https://github.com/eclipse-ee4j/mojarra/issues/4571" }, { "category": "external", "summary": "https://github.com/javaserverfaces/mojarra/issues/4364", "url": "https://github.com/javaserverfaces/mojarra/issues/4364" } ], "release_date": "2020-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371" }, { "cve": "CVE-2020-8840", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816330" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8840" }, { "category": "external", "summary": "RHBZ#1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking" }, { "cve": "CVE-2020-9546", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816332" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in shaded-hikari-config", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9546" }, { "category": "external", "summary": "RHBZ#1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in shaded-hikari-config" }, { "cve": "CVE-2020-9547", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816337" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in ibatis-sqlmap", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9547" }, { "category": "external", "summary": "RHBZ#1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in ibatis-sqlmap" }, { "cve": "CVE-2020-9548", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816340" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in anteros-core", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9548" }, { "category": "external", "summary": "RHBZ#1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in anteros-core" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3638
Vulnerability from csaf_redhat
Published
2020-09-07 12:58
Modified
2024-11-05 22:40
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
• wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)
* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n\u2022 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3638", "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-18366", "url": "https://issues.redhat.com/browse/JBEAP-18366" }, { "category": "external", "summary": "JBEAP-18667", "url": "https://issues.redhat.com/browse/JBEAP-18667" }, { "category": "external", "summary": "JBEAP-18849", "url": "https://issues.redhat.com/browse/JBEAP-18849" }, { "category": "external", "summary": "JBEAP-18880", "url": "https://issues.redhat.com/browse/JBEAP-18880" }, { "category": "external", "summary": "JBEAP-18906", "url": "https://issues.redhat.com/browse/JBEAP-18906" }, { "category": "external", "summary": "JBEAP-18919", "url": "https://issues.redhat.com/browse/JBEAP-18919" }, { "category": "external", "summary": "JBEAP-18965", "url": "https://issues.redhat.com/browse/JBEAP-18965" }, { "category": "external", "summary": "JBEAP-19039", "url": "https://issues.redhat.com/browse/JBEAP-19039" }, { "category": "external", "summary": "JBEAP-19058", "url": "https://issues.redhat.com/browse/JBEAP-19058" }, { "category": "external", "summary": "JBEAP-19120", "url": "https://issues.redhat.com/browse/JBEAP-19120" }, { "category": "external", "summary": "JBEAP-19255", "url": "https://issues.redhat.com/browse/JBEAP-19255" }, { "category": "external", "summary": "JBEAP-19271", "url": "https://issues.redhat.com/browse/JBEAP-19271" }, { "category": "external", "summary": "JBEAP-19315", "url": "https://issues.redhat.com/browse/JBEAP-19315" }, { "category": "external", "summary": "JBEAP-19463", "url": "https://issues.redhat.com/browse/JBEAP-19463" }, { "category": "external", "summary": "JBEAP-19565", "url": "https://issues.redhat.com/browse/JBEAP-19565" }, { "category": "external", "summary": "JBEAP-19587", "url": "https://issues.redhat.com/browse/JBEAP-19587" }, { "category": "external", "summary": "JBEAP-19620", "url": "https://issues.redhat.com/browse/JBEAP-19620" }, { "category": "external", "summary": "JBEAP-19624", "url": "https://issues.redhat.com/browse/JBEAP-19624" }, { "category": "external", "summary": "JBEAP-19703", "url": "https://issues.redhat.com/browse/JBEAP-19703" }, { "category": "external", "summary": "JBEAP-19704", "url": "https://issues.redhat.com/browse/JBEAP-19704" }, { "category": "external", "summary": "JBEAP-19798", "url": "https://issues.redhat.com/browse/JBEAP-19798" }, { "category": "external", "summary": "JBEAP-19837", "url": "https://issues.redhat.com/browse/JBEAP-19837" }, { "category": "external", "summary": "JBEAP-19875", "url": "https://issues.redhat.com/browse/JBEAP-19875" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3638.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update", "tracking": { "current_release_date": "2024-11-05T22:40:58+00:00", "generator": { "date": "2024-11-05T22:40:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:3638", "initial_release_date": "2020-09-07T12:58:33+00:00", "revision_history": [ { "date": "2020-09-07T12:58:33+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-09-07T12:58:33+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:40:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product": { "name": "Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.2.5-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client-microprofile@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-ejb@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-jta@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-web@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.2.9-4.GA_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.2.9-4.GA_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.2.9-4.GA_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_id": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.2.9-4.GA_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.2.5-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "product": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "product": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "product": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el7eap?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src" }, "product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src" }, "product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "acknowledgments": [ { "names": [ "Mirko Selber" ], "organization": "Compass Security" } ], "cve": "CVE-2020-1695", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730462" } ], "notes": [ { "category": "description", "text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.", "title": "Vulnerability description" }, { "category": "summary", "text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1695" }, { "category": "external", "summary": "RHBZ#1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "acknowledgments": [ { "names": [ "An Trinh" ] } ], "cve": "CVE-2020-6950", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2019-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805006" } ], "notes": [ { "category": "description", "text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6950" }, { "category": "external", "summary": "RHBZ#1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950" }, { "category": "external", "summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24", "url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741", "url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571", "url": "https://github.com/eclipse-ee4j/mojarra/issues/4571" }, { "category": "external", "summary": "https://github.com/javaserverfaces/mojarra/issues/4364", "url": "https://github.com/javaserverfaces/mojarra/issues/4364" } ], "release_date": "2020-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371" }, { "cve": "CVE-2020-8840", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816330" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8840" }, { "category": "external", "summary": "RHBZ#1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking" }, { "cve": "CVE-2020-9546", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816332" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in shaded-hikari-config", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9546" }, { "category": "external", "summary": "RHBZ#1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in shaded-hikari-config" }, { "cve": "CVE-2020-9547", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816337" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in ibatis-sqlmap", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9547" }, { "category": "external", "summary": "RHBZ#1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in ibatis-sqlmap" }, { "cve": "CVE-2020-9548", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816340" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in anteros-core", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9548" }, { "category": "external", "summary": "RHBZ#1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in anteros-core" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3779
Vulnerability from csaf_redhat
Published
2020-09-17 13:07
Modified
2024-11-05 22:42
Summary
Red Hat Security Advisory: Red Hat Data Grid 7.3.7 security update
Notes
Topic
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.
This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.
Security Fix(es):
* jetty: Incorrect header handling (CVE-2017-7658)
* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)
* undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)
* jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)
* jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)
* jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)
* jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)
* jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)
* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620)
* jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)
* resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)
* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
* log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for Red Hat Data Grid is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.\n\nThis release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.\n\nSecurity Fix(es):\n\n* jetty: Incorrect header handling (CVE-2017-7658)\n\n* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)\n\n* undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)\n\n* jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)\n\n* jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)\n\n* jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)\n\n* jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)\n\n* jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)\n\n* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)\n\n* resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes (CVE-2020-11612)\n\n* log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3779", "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=securityPatches\u0026version=7.3", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=securityPatches\u0026version=7.3" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index" }, { "category": "external", "summary": "1595621", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595621" }, { "category": "external", "summary": "1715075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715075" }, { "category": "external", "summary": "1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "1752770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752770" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1796617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617" }, { "category": "external", "summary": "1807305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "1819208", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819208" }, { "category": "external", "summary": "1819212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819212" }, { "category": "external", "summary": "1821304", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821304" }, { "category": "external", "summary": "1821311", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821311" }, { "category": "external", "summary": "1821315", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821315" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1826798", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826798" }, { "category": "external", "summary": "1826805", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826805" }, { "category": "external", "summary": "1831139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831139" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3779.json" } ], "title": "Red Hat Security Advisory: Red Hat Data Grid 7.3.7 security update", "tracking": { "current_release_date": "2024-11-05T22:42:47+00:00", "generator": { "date": "2024-11-05T22:42:47+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:3779", "initial_release_date": "2020-09-17T13:07:49+00:00", "revision_history": [ { "date": "2020-09-17T13:07:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-09-17T13:07:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:42:47+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Data Grid 7.3.7", "product": { "name": "Red Hat Data Grid 7.3.7", "product_id": "Red Hat Data Grid 7.3.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_data_grid:7.3" } } } ], "category": "product_family", "name": "Red Hat JBoss Data Grid" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-7656", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2018-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1595639" } ], "notes": [ { "category": "description", "text": "In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: HTTP request smuggling using the range header", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of jetty embedded in the nutch package as shipped with Red Hat Satellite 5. The nutch service is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nData Grid 7 has deprecated the agent-bond utility that permits this flaw; it is disabled by default and is no longer supported. While the functionality is still available for backward-compatibility usage, customers are strongly recommended to use Prometheus JMX instead. As the functionality is deprecated and no longer supported, the flaw has been scored as Moderate for Data Grid 7.\n\nData Grid 8 is not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7656" }, { "category": "external", "summary": "RHBZ#1595639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595639" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7656", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7656" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7656", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7656" } ], "release_date": "2018-06-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jetty: HTTP request smuggling using the range header" }, { "cve": "CVE-2017-7657", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2018-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1595620" } ], "notes": [ { "category": "description", "text": "In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of jetty embedded in the nutch package as shipped with Red Hat Satellite 5. The nutch service is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nData Grid 7 has deprecated the agent-bond utility that permits this flaw; it is disabled by default and is no longer supported. While the functionality is still available for backward-compatibility usage, customers are strongly recommended to use Prometheus JMX instead. As the functionality is deprecated and no longer supported, the flaw has been scored as Moderate for Data Grid 7.\n\nData Grid 8 is not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7657" }, { "category": "external", "summary": "RHBZ#1595620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595620" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7657", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7657" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7657", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7657" } ], "release_date": "2018-06-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jetty: HTTP request smuggling" }, { "cve": "CVE-2017-7658", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2018-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1595621" } ], "notes": [ { "category": "description", "text": "In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: Incorrect header handling", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of jetty embedded in the nutch package as shipped with Red Hat Satellite 5. The nutch service is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nData Grid 7 has deprecated the agent-bond utility that permits this flaw; it is disabled by default and is no longer supported. While the functionality is still available for backward-compatibility usage, customers are strongly recommended to use Prometheus JMX instead. As the functionality is deprecated and no longer supported, the flaw has been scored as Moderate for Data Grid 7.\n\nData Grid 8 is not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7658" }, { "category": "external", "summary": "RHBZ#1595621", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595621" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7658", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7658" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7658", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7658" } ], "release_date": "2018-06-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: Incorrect header handling" }, { "acknowledgments": [ { "names": [ "Brian Stansberry" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-10172", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-04-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1715075" } ], "notes": [ { "category": "description", "text": "A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries such that an XML external entity (XXE) vulnerability affects codehaus\u0027s jackson-mapper-asl libraries. This vulnerability is similar to CVE-2016-3720. The primary threat from this flaw is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-mapper-asl: XML external entity similar to CVE-2016-3720", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-10172" }, { "category": "external", "summary": "RHBZ#1715075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-10172", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10172" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10172", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10172" } ], "release_date": "2019-11-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-mapper-asl: XML external entity similar to CVE-2016-3720" }, { "acknowledgments": [ { "names": [ "Mirko Selber" ], "organization": "Compass Security" } ], "cve": "CVE-2020-1695", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730462" } ], "notes": [ { "category": "description", "text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.", "title": "Vulnerability description" }, { "category": "summary", "text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1695" }, { "category": "external", "summary": "RHBZ#1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1719", "cwe": { "id": "CWE-270", "name": "Privilege Context Switching Error" }, "discovery_date": "2019-08-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1796617" } ], "notes": [ { "category": "description", "text": "A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1719" }, { "category": "external", "summary": "RHBZ#1796617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1719", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1719" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1719", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1719" } ], "release_date": "2019-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain" }, { "acknowledgments": [ { "names": [ "Steve Zapantis", "Robert Roberson", "taktakdb4g" ] } ], "cve": "CVE-2020-1745", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807305" } ], "notes": [ { "category": "description", "text": "A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: AJP File Read/Inclusion Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1938", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1745" }, { "category": "external", "summary": "RHBZ#1807305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1745", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1745" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745" }, { "category": "external", "summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/", "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/" }, { "category": "external", "summary": "https://www.cnvd.org.cn/webinfo/show/5415", "url": "https://www.cnvd.org.cn/webinfo/show/5415" }, { "category": "external", "summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487", "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487" } ], "release_date": "2020-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: AJP File Read/Inclusion Vulnerability" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "acknowledgments": [ { "names": [ "Fedorov Oleksii", "Keitaro Yamazaki", "Shiga Ryota" ], "organization": "LINE Corporation" } ], "cve": "CVE-2020-1757", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-09-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1752770" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1757" }, { "category": "external", "summary": "RHBZ#1752770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1757", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1757" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1757", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1757" } ], "release_date": "2018-12-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The issue can be mitigated by configuring UrlPathHelper to ignore the servletPath via setting \"alwaysUseFullPath\".", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass" }, { "cve": "CVE-2020-8840", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816330" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8840" }, { "category": "external", "summary": "RHBZ#1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking" }, { "cve": "CVE-2020-9488", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2020-04-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1831139" } ], "notes": [ { "category": "description", "text": "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: improper validation of certificate with host mismatch in SMTP appender", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9488" }, { "category": "external", "summary": "RHBZ#1831139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831139" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9488", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9488" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9488", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9488" } ], "release_date": "2020-04-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "Previous versions can set the system property mail.smtp.ssl.checkserveridentity to true to globally enable hostname verification for SMTPS connections.", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j: improper validation of certificate with host mismatch in SMTP appender" }, { "cve": "CVE-2020-9546", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816332" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in shaded-hikari-config", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9546" }, { "category": "external", "summary": "RHBZ#1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in shaded-hikari-config" }, { "cve": "CVE-2020-9547", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816337" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in ibatis-sqlmap", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9547" }, { "category": "external", "summary": "RHBZ#1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in ibatis-sqlmap" }, { "cve": "CVE-2020-9548", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816340" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in anteros-core", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9548" }, { "category": "external", "summary": "RHBZ#1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in anteros-core" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "cve": "CVE-2020-10968", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1819208" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider", "title": "Vulnerability summary" }, { "category": "other", "text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10968" }, { "category": "external", "summary": "RHBZ#1819208", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819208" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10968", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10968" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10968", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10968" } ], "release_date": "2020-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider" }, { "cve": "CVE-2020-10969", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1819212" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in javax.swing.JEditorPane", "title": "Vulnerability summary" }, { "category": "other", "text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10969" }, { "category": "external", "summary": "RHBZ#1819212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819212" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10969", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10969" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10969", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10969" } ], "release_date": "2020-03-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Serialization gadgets in javax.swing.JEditorPane" }, { "cve": "CVE-2020-11111", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1821304" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11111" }, { "category": "external", "summary": "RHBZ#1821304", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821304" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11111", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11111" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11111", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11111" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2664", "url": "https://github.com/FasterXML/jackson-databind/issues/2664" } ], "release_date": "2020-03-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory" }, { "cve": "CVE-2020-11112", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1821311" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11112" }, { "category": "external", "summary": "RHBZ#1821311", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821311" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11112", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11112" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11112", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11112" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2666", "url": "https://github.com/FasterXML/jackson-databind/issues/2666" } ], "release_date": "2020-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider" }, { "cve": "CVE-2020-11113", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1821315" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11113" }, { "category": "external", "summary": "RHBZ#1821315", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821315" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11113", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11113" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11113", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11113" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2670", "url": "https://github.com/FasterXML/jackson-databind/issues/2670" } ], "release_date": "2020-03-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime" }, { "cve": "CVE-2020-11612", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816216" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11612" }, { "category": "external", "summary": "RHBZ#1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11612" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612" } ], "release_date": "2020-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes" }, { "cve": "CVE-2020-11619", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-04-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1826805" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.springframework:spring-aop", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11619" }, { "category": "external", "summary": "RHBZ#1826805", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826805" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11619", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11619" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11619", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11619" } ], "release_date": "2020-04-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.springframework:spring-aop" }, { "cve": "CVE-2020-11620", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-04-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1826798" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in commons-jelly:commons-jelly", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11620" }, { "category": "external", "summary": "RHBZ#1826798", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826798" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11620", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11620" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11620", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11620" } ], "release_date": "2020-04-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in commons-jelly:commons-jelly" } ] }
rhsa-2020_3463
Vulnerability from csaf_redhat
Published
2020-08-17 13:28
Modified
2024-11-05 22:38
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3463", "url": "https://access.redhat.com/errata/RHSA-2020:3463" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-19095", "url": "https://issues.redhat.com/browse/JBEAP-19095" }, { "category": "external", "summary": "JBEAP-19134", "url": "https://issues.redhat.com/browse/JBEAP-19134" }, { "category": "external", "summary": "JBEAP-19185", "url": "https://issues.redhat.com/browse/JBEAP-19185" }, { "category": "external", "summary": "JBEAP-19203", "url": "https://issues.redhat.com/browse/JBEAP-19203" }, { "category": "external", "summary": "JBEAP-19269", "url": "https://issues.redhat.com/browse/JBEAP-19269" }, { "category": "external", "summary": "JBEAP-19322", "url": "https://issues.redhat.com/browse/JBEAP-19322" }, { "category": "external", "summary": "JBEAP-19325", "url": "https://issues.redhat.com/browse/JBEAP-19325" }, { "category": "external", "summary": "JBEAP-19397", "url": "https://issues.redhat.com/browse/JBEAP-19397" }, { "category": "external", "summary": "JBEAP-19410", "url": "https://issues.redhat.com/browse/JBEAP-19410" }, { "category": "external", "summary": "JBEAP-19411", "url": "https://issues.redhat.com/browse/JBEAP-19411" }, { "category": "external", "summary": "JBEAP-19529", "url": "https://issues.redhat.com/browse/JBEAP-19529" }, { "category": "external", "summary": "JBEAP-19564", "url": "https://issues.redhat.com/browse/JBEAP-19564" }, { "category": "external", "summary": "JBEAP-19585", "url": "https://issues.redhat.com/browse/JBEAP-19585" }, { "category": "external", "summary": "JBEAP-19617", "url": "https://issues.redhat.com/browse/JBEAP-19617" }, { "category": "external", "summary": "JBEAP-19619", "url": "https://issues.redhat.com/browse/JBEAP-19619" }, { "category": "external", "summary": "JBEAP-19673", "url": "https://issues.redhat.com/browse/JBEAP-19673" }, { "category": "external", "summary": "JBEAP-19674", "url": "https://issues.redhat.com/browse/JBEAP-19674" }, { "category": "external", "summary": "JBEAP-19874", "url": "https://issues.redhat.com/browse/JBEAP-19874" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3463.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update", "tracking": { "current_release_date": "2024-11-05T22:38:18+00:00", "generator": { "date": "2024-11-05T22:38:18+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:3463", "initial_release_date": "2020-08-17T13:28:45+00:00", "revision_history": [ { "date": "2020-08-17T13:28:45+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-08-17T13:28:45+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:38:18+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.3 for BaseOS-8", "product": { "name": "Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.6.2-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "product": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "product": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.6.2-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.7-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.48-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.2-4.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.2-4.GA_redhat_00002.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-11612", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816216" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11612" }, { "category": "external", "summary": "RHBZ#1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11612" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612" } ], "release_date": "2020-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3462
Vulnerability from csaf_redhat
Published
2020-08-17 13:28
Modified
2024-11-05 22:38
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3462", "url": "https://access.redhat.com/errata/RHSA-2020:3462" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-19095", "url": "https://issues.redhat.com/browse/JBEAP-19095" }, { "category": "external", "summary": "JBEAP-19134", "url": "https://issues.redhat.com/browse/JBEAP-19134" }, { "category": "external", "summary": "JBEAP-19185", "url": "https://issues.redhat.com/browse/JBEAP-19185" }, { "category": "external", "summary": "JBEAP-19203", "url": "https://issues.redhat.com/browse/JBEAP-19203" }, { "category": "external", "summary": "JBEAP-19269", "url": "https://issues.redhat.com/browse/JBEAP-19269" }, { "category": "external", "summary": "JBEAP-19322", "url": "https://issues.redhat.com/browse/JBEAP-19322" }, { "category": "external", "summary": "JBEAP-19325", "url": "https://issues.redhat.com/browse/JBEAP-19325" }, { "category": "external", "summary": "JBEAP-19397", "url": "https://issues.redhat.com/browse/JBEAP-19397" }, { "category": "external", "summary": "JBEAP-19410", "url": "https://issues.redhat.com/browse/JBEAP-19410" }, { "category": "external", "summary": "JBEAP-19529", "url": "https://issues.redhat.com/browse/JBEAP-19529" }, { "category": "external", "summary": "JBEAP-19564", "url": "https://issues.redhat.com/browse/JBEAP-19564" }, { "category": "external", "summary": "JBEAP-19585", "url": "https://issues.redhat.com/browse/JBEAP-19585" }, { "category": "external", "summary": "JBEAP-19617", "url": "https://issues.redhat.com/browse/JBEAP-19617" }, { "category": "external", "summary": "JBEAP-19619", "url": "https://issues.redhat.com/browse/JBEAP-19619" }, { "category": "external", "summary": "JBEAP-19673", "url": "https://issues.redhat.com/browse/JBEAP-19673" }, { "category": "external", "summary": "JBEAP-19674", "url": "https://issues.redhat.com/browse/JBEAP-19674" }, { "category": "external", "summary": "JBEAP-19874", "url": "https://issues.redhat.com/browse/JBEAP-19874" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3462.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update", "tracking": { "current_release_date": "2024-11-05T22:38:09+00:00", "generator": { "date": "2024-11-05T22:38:09+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:3462", "initial_release_date": "2020-08-17T13:28:06+00:00", "revision_history": [ { "date": "2020-08-17T13:28:06+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-08-17T13:28:06+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:38:09+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product": { "name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.6.2-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "product": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "product": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el7eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.6.2-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.48-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.7-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-11612", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816216" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11612" }, { "category": "external", "summary": "RHBZ#1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11612" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612" } ], "release_date": "2020-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3585
Vulnerability from csaf_redhat
Published
2020-08-31 15:40
Modified
2024-11-05 22:40
Summary
Red Hat Security Advisory: EAP Continuous Delivery Technical Preview Release 20 security update
Notes
Topic
This is a security update for JBoss EAP Continuous Delivery 20.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform CD20 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform CD20 includes bug fixes and enhancements.
Security Fix(es):
* jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371)
* jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* undertow: Memory exhaustion issue in HttpReadListener via "Expect: 100-continue" header (CVE-2020-10705)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
* wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)
* cxf-core: cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)
* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "This is a security update for JBoss EAP Continuous Delivery 20.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform CD20 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform CD20 includes bug fixes and enhancements. \n\nSecurity Fix(es):\n\n* jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* undertow: Memory exhaustion issue in HttpReadListener via \"Expect: 100-continue\" header (CVE-2020-10705)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes (CVE-2020-11612)\n\n* wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)\n\n* cxf-core: cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3585", "url": "https://access.redhat.com/errata/RHSA-2020:3585" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=eap-cd\u0026version=20", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=eap-cd\u0026version=20" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/20/", "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/20/" }, { "category": "external", "summary": "1607709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607709" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1715075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715075" }, { "category": "external", "summary": "1796617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617" }, { "category": "external", "summary": "1803241", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803241" }, { "category": "external", "summary": "1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "1824301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828459", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828459" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3585.json" } ], "title": "Red Hat Security Advisory: EAP Continuous Delivery Technical Preview Release 20 security update", "tracking": { "current_release_date": "2024-11-05T22:40:17+00:00", "generator": { "date": "2024-11-05T22:40:17+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:3585", "initial_release_date": "2020-08-31T15:40:22+00:00", "revision_history": [ { "date": "2020-08-31T15:40:22+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-08-31T15:40:22+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:40:17+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "EAP-CD 20 Tech Preview", "product": { "name": "EAP-CD 20 Tech Preview", "product_id": "EAP-CD 20 Tech Preview", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_cd:20" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-14371", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2018-07-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1607709" } ], "notes": [ { "category": "description", "text": "The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.", "title": "Vulnerability description" }, { "category": "summary", "text": "mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP-CD 20 Tech Preview" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14371" }, { "category": "external", "summary": "RHBZ#1607709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607709" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14371", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14371" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14371", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14371" } ], "release_date": "2018-07-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-31T15:40:22+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "EAP-CD 20 Tech Preview" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3585" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "EAP-CD 20 Tech Preview" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "EAP-CD 20 Tech Preview" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter" }, { "acknowledgments": [ { "names": [ "Brian Stansberry" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-10172", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-04-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1715075" } ], "notes": [ { "category": "description", "text": "A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries such that an XML external entity (XXE) vulnerability affects codehaus\u0027s jackson-mapper-asl libraries. This vulnerability is similar to CVE-2016-3720. The primary threat from this flaw is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-mapper-asl: XML external entity similar to CVE-2016-3720", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP-CD 20 Tech Preview" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-10172" }, { "category": "external", "summary": "RHBZ#1715075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-10172", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10172" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10172", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10172" } ], "release_date": "2019-11-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-31T15:40:22+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "EAP-CD 20 Tech Preview" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3585" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "EAP-CD 20 Tech Preview" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-mapper-asl: XML external entity similar to CVE-2016-3720" }, { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP-CD 20 Tech Preview" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-31T15:40:22+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "EAP-CD 20 Tech Preview" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3585" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "EAP-CD 20 Tech Preview" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "EAP-CD 20 Tech Preview" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "cve": "CVE-2020-1719", "cwe": { "id": "CWE-270", "name": "Privilege Context Switching Error" }, "discovery_date": "2019-08-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1796617" } ], "notes": [ { "category": "description", "text": "A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP-CD 20 Tech Preview" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1719" }, { "category": "external", "summary": "RHBZ#1796617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1719", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1719" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1719", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1719" } ], "release_date": "2019-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-31T15:40:22+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "EAP-CD 20 Tech Preview" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3585" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "EAP-CD 20 Tech Preview" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain" }, { "cve": "CVE-2020-1954", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2020-04-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1824301" } ], "notes": [ { "category": "description", "text": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.", "title": "Vulnerability description" }, { "category": "summary", "text": "cxf: JMX integration is vulnerable to a MITM attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP-CD 20 Tech Preview" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1954" }, { "category": "external", "summary": "RHBZ#1824301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1954", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1954" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954" } ], "release_date": "2020-04-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-31T15:40:22+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "EAP-CD 20 Tech Preview" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3585" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "EAP-CD 20 Tech Preview" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "cxf: JMX integration is vulnerable to a MITM attack" }, { "acknowledgments": [ { "names": [ "An Trinh" ] } ], "cve": "CVE-2020-6950", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2019-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805006" } ], "notes": [ { "category": "description", "text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP-CD 20 Tech Preview" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6950" }, { "category": "external", "summary": "RHBZ#1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950" }, { "category": "external", "summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24", "url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741", "url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571", "url": "https://github.com/eclipse-ee4j/mojarra/issues/4571" }, { "category": "external", "summary": "https://github.com/javaserverfaces/mojarra/issues/4364", "url": "https://github.com/javaserverfaces/mojarra/issues/4364" } ], "release_date": "2020-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-31T15:40:22+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "EAP-CD 20 Tech Preview" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3585" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "EAP-CD 20 Tech Preview" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "EAP-CD 20 Tech Preview" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP-CD 20 Tech Preview" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-31T15:40:22+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "EAP-CD 20 Tech Preview" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3585" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "EAP-CD 20 Tech Preview" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP-CD 20 Tech Preview" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-31T15:40:22+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "EAP-CD 20 Tech Preview" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3585" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "EAP-CD 20 Tech Preview" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "cve": "CVE-2020-10705", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1803241" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where certain requests to the \"Expect: 100-continue\" header may cause an out of memory error. This flaw may potentially lead to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Memory exhaustion issue in HttpReadListener via \"Expect: 100-continue\" header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP-CD 20 Tech Preview" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10705" }, { "category": "external", "summary": "RHBZ#1803241", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803241" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10705", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10705" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10705", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10705" } ], "release_date": "2020-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-31T15:40:22+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "EAP-CD 20 Tech Preview" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3585" }, { "category": "workaround", "details": "There is currently no known mitigation for this security flaw.", "product_ids": [ "EAP-CD 20 Tech Preview" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "EAP-CD 20 Tech Preview" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: Memory exhaustion issue in HttpReadListener via \"Expect: 100-continue\" header" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP-CD 20 Tech Preview" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-31T15:40:22+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "EAP-CD 20 Tech Preview" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3585" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "EAP-CD 20 Tech Preview" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "EAP-CD 20 Tech Preview" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "ZeddYu" ] } ], "cve": "CVE-2020-10719", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-02-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828459" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: invalid HTTP request with large chunk size", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP-CD 20 Tech Preview" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10719" }, { "category": "external", "summary": "RHBZ#1828459", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828459" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10719", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10719" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10719", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10719" } ], "release_date": "2020-05-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-31T15:40:22+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "EAP-CD 20 Tech Preview" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3585" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "EAP-CD 20 Tech Preview" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: invalid HTTP request with large chunk size" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP-CD 20 Tech Preview" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-31T15:40:22+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "EAP-CD 20 Tech Preview" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3585" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "EAP-CD 20 Tech Preview" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "EAP-CD 20 Tech Preview" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-11612", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816216" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP-CD 20 Tech Preview" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11612" }, { "category": "external", "summary": "RHBZ#1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11612" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612" } ], "release_date": "2020-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-31T15:40:22+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "EAP-CD 20 Tech Preview" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3585" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "EAP-CD 20 Tech Preview" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes" } ] }
rhsa-2020_3539
Vulnerability from csaf_redhat
Published
2020-09-02 09:47
Modified
2024-11-05 22:39
Summary
Red Hat Security Advisory: Red Hat build of Thorntail 2.7.1 security and bug fix update
Notes
Topic
An update is now available for Red Hat build of Thorntail.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.
Details
This release of Red Hat build of Thorntail 2.7.1 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section.
Security Fix(es):
* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* keycloak: security headers missing on REST endpoints (CVE-2020-1728)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)
* keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body (CVE-2020-10758)
* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat build of Thorntail.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat build of Thorntail 2.7.1 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section.\n\nSecurity Fix(es):\n\n* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* keycloak: security headers missing on REST endpoints (CVE-2020-1728)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body (CVE-2020-10758)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3539", "url": "https://access.redhat.com/errata/RHSA-2020:3539" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.thorntail\u0026version=2.7.1", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.thorntail\u0026version=2.7.1" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.7/html/release_notes_for_thorntail_2.7/", "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.7/html/release_notes_for_thorntail_2.7/" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1800585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800585" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1843849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843849" }, { "category": "external", "summary": "1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3539.json" } ], "title": "Red Hat Security Advisory: Red Hat build of Thorntail 2.7.1 security and bug fix update", "tracking": { "current_release_date": "2024-11-05T22:39:42+00:00", "generator": { "date": "2024-11-05T22:39:42+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:3539", "initial_release_date": "2020-09-02T09:47:16+00:00", "revision_history": [ { "date": "2020-09-02T09:47:16+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-09-02T09:47:16+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:39:42+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Text-Only RHOAR", "product": { "name": "Text-Only RHOAR", "product_id": "Text-Only RHOAR", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0" } } } ], "category": "product_family", "name": "Red Hat OpenShift Application Runtimes" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-02T09:47:16+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3539" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Text-Only RHOAR" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1728", "cwe": { "id": "CWE-358", "name": "Improperly Implemented Security Check for Standard" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak\u2019s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible exploits are servers being prone to clickjacking, channel downgrade attacks, and other similar client-based attack vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: security headers missing on REST endpoints", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1728" }, { "category": "external", "summary": "RHBZ#1800585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1728", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1728" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1728", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1728" } ], "release_date": "2019-11-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-02T09:47:16+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3539" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: security headers missing on REST endpoints" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-02T09:47:16+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3539" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-02T09:47:16+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3539" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "Text-Only RHOAR" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-02T09:47:16+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3539" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "Text-Only RHOAR" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-02T09:47:16+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3539" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-02T09:47:16+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3539" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Text-Only RHOAR" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "acknowledgments": [ { "names": [ "Matt Hamilton" ], "organization": "Soluble.ai" } ], "cve": "CVE-2020-10758", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-06-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1843849" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows an attacker to perform a denial of service attack by sending multiple simultaneous requests with a Content-Length header value greater than the actual byte count of the request body. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10758" }, { "category": "external", "summary": "RHBZ#1843849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843849" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10758", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10758" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10758", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10758" } ], "release_date": "2020-08-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-02T09:47:16+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3539" }, { "category": "workaround", "details": "- The possibility of this issue largely depends on the environment, specifically the load balancer or reverse proxies between the client and the server. The issue occurs when there is no load balancer in place.\n\n- Proper tuning of HTTP request timeout and keycloak database max pool size can mitigate this issue :\nbin/jboss-cli.sh --connect --commands=\u0027/subsystem=transactions:write-attribute(name=default-timeout,value=30),/subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=read-timeout,value=30000),/subsystem=undertow/server=default-server/https-listener=https/:write-attribute(name=read-timeout,value=30000),/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=max-pool-size,value=100),reload\u0027", "product_ids": [ "Text-Only RHOAR" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-02T09:47:16+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3539" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-02T09:47:16+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3539" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3464
Vulnerability from csaf_redhat
Published
2020-08-17 13:25
Modified
2024-11-05 22:38
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3464", "url": "https://access.redhat.com/errata/RHSA-2020:3464" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-19095", "url": "https://issues.redhat.com/browse/JBEAP-19095" }, { "category": "external", "summary": "JBEAP-19134", "url": "https://issues.redhat.com/browse/JBEAP-19134" }, { "category": "external", "summary": "JBEAP-19185", "url": "https://issues.redhat.com/browse/JBEAP-19185" }, { "category": "external", "summary": "JBEAP-19203", "url": "https://issues.redhat.com/browse/JBEAP-19203" }, { "category": "external", "summary": "JBEAP-19269", "url": "https://issues.redhat.com/browse/JBEAP-19269" }, { "category": "external", "summary": "JBEAP-19322", "url": "https://issues.redhat.com/browse/JBEAP-19322" }, { "category": "external", "summary": "JBEAP-19325", "url": "https://issues.redhat.com/browse/JBEAP-19325" }, { "category": "external", "summary": "JBEAP-19397", "url": "https://issues.redhat.com/browse/JBEAP-19397" }, { "category": "external", "summary": "JBEAP-19529", "url": "https://issues.redhat.com/browse/JBEAP-19529" }, { "category": "external", "summary": "JBEAP-19564", "url": "https://issues.redhat.com/browse/JBEAP-19564" }, { "category": "external", "summary": "JBEAP-19585", "url": "https://issues.redhat.com/browse/JBEAP-19585" }, { "category": "external", "summary": "JBEAP-19617", "url": "https://issues.redhat.com/browse/JBEAP-19617" }, { "category": "external", "summary": "JBEAP-19619", "url": "https://issues.redhat.com/browse/JBEAP-19619" }, { "category": "external", "summary": "JBEAP-19673", "url": "https://issues.redhat.com/browse/JBEAP-19673" }, { "category": "external", "summary": "JBEAP-19674", "url": "https://issues.redhat.com/browse/JBEAP-19674" }, { "category": "external", "summary": "JBEAP-19874", "url": "https://issues.redhat.com/browse/JBEAP-19874" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3464.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update", "tracking": { "current_release_date": "2024-11-05T22:38:41+00:00", "generator": { "date": "2024-11-05T22:38:41+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:3464", "initial_release_date": "2020-08-17T13:25:19+00:00", "revision_history": [ { "date": "2020-08-17T13:25:19+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-08-17T13:25:19+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:38:41+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7", "product_id": "Red Hat JBoss Enterprise Application Platform 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-11612", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816216" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11612" }, { "category": "external", "summary": "RHBZ#1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11612" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612" } ], "release_date": "2020-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3642
Vulnerability from csaf_redhat
Published
2020-09-07 13:05
Modified
2024-11-05 22:40
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
• wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)
* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n\u2022 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3642", "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-18366", "url": "https://issues.redhat.com/browse/JBEAP-18366" }, { "category": "external", "summary": "JBEAP-18667", "url": "https://issues.redhat.com/browse/JBEAP-18667" }, { "category": "external", "summary": "JBEAP-18849", "url": "https://issues.redhat.com/browse/JBEAP-18849" }, { "category": "external", "summary": "JBEAP-18880", "url": "https://issues.redhat.com/browse/JBEAP-18880" }, { "category": "external", "summary": "JBEAP-18906", "url": "https://issues.redhat.com/browse/JBEAP-18906" }, { "category": "external", "summary": "JBEAP-18919", "url": "https://issues.redhat.com/browse/JBEAP-18919" }, { "category": "external", "summary": "JBEAP-18965", "url": "https://issues.redhat.com/browse/JBEAP-18965" }, { "category": "external", "summary": "JBEAP-19058", "url": "https://issues.redhat.com/browse/JBEAP-19058" }, { "category": "external", "summary": "JBEAP-19120", "url": "https://issues.redhat.com/browse/JBEAP-19120" }, { "category": "external", "summary": "JBEAP-19255", "url": "https://issues.redhat.com/browse/JBEAP-19255" }, { "category": "external", "summary": "JBEAP-19271", "url": "https://issues.redhat.com/browse/JBEAP-19271" }, { "category": "external", "summary": "JBEAP-19315", "url": "https://issues.redhat.com/browse/JBEAP-19315" }, { "category": "external", "summary": "JBEAP-19463", "url": "https://issues.redhat.com/browse/JBEAP-19463" }, { "category": "external", "summary": "JBEAP-19565", "url": "https://issues.redhat.com/browse/JBEAP-19565" }, { "category": "external", "summary": "JBEAP-19587", "url": "https://issues.redhat.com/browse/JBEAP-19587" }, { "category": "external", "summary": "JBEAP-19620", "url": "https://issues.redhat.com/browse/JBEAP-19620" }, { "category": "external", "summary": "JBEAP-19624", "url": "https://issues.redhat.com/browse/JBEAP-19624" }, { "category": "external", "summary": "JBEAP-19703", "url": "https://issues.redhat.com/browse/JBEAP-19703" }, { "category": "external", "summary": "JBEAP-19704", "url": "https://issues.redhat.com/browse/JBEAP-19704" }, { "category": "external", "summary": "JBEAP-19798", "url": "https://issues.redhat.com/browse/JBEAP-19798" }, { "category": "external", "summary": "JBEAP-19837", "url": "https://issues.redhat.com/browse/JBEAP-19837" }, { "category": "external", "summary": "JBEAP-19875", "url": "https://issues.redhat.com/browse/JBEAP-19875" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3642.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 security update", "tracking": { "current_release_date": "2024-11-05T22:40:39+00:00", "generator": { "date": "2024-11-05T22:40:39+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:3642", "initial_release_date": "2020-09-07T13:05:33+00:00", "revision_history": [ { "date": "2020-09-07T13:05:33+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-09-07T13:05:33+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:40:39+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7", "product_id": "Red Hat JBoss Enterprise Application Platform 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2.0" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "acknowledgments": [ { "names": [ "Mirko Selber" ], "organization": "Compass Security" } ], "cve": "CVE-2020-1695", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730462" } ], "notes": [ { "category": "description", "text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.", "title": "Vulnerability description" }, { "category": "summary", "text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1695" }, { "category": "external", "summary": "RHBZ#1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "acknowledgments": [ { "names": [ "An Trinh" ] } ], "cve": "CVE-2020-6950", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2019-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805006" } ], "notes": [ { "category": "description", "text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6950" }, { "category": "external", "summary": "RHBZ#1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950" }, { "category": "external", "summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24", "url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741", "url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571", "url": "https://github.com/eclipse-ee4j/mojarra/issues/4571" }, { "category": "external", "summary": "https://github.com/javaserverfaces/mojarra/issues/4364", "url": "https://github.com/javaserverfaces/mojarra/issues/4364" } ], "release_date": "2020-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371" }, { "cve": "CVE-2020-8840", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816330" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8840" }, { "category": "external", "summary": "RHBZ#1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking" }, { "cve": "CVE-2020-9546", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816332" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in shaded-hikari-config", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9546" }, { "category": "external", "summary": "RHBZ#1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in shaded-hikari-config" }, { "cve": "CVE-2020-9547", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816337" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in ibatis-sqlmap", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9547" }, { "category": "external", "summary": "RHBZ#1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in ibatis-sqlmap" }, { "cve": "CVE-2020-9548", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816340" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in anteros-core", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9548" }, { "category": "external", "summary": "RHBZ#1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in anteros-core" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3501
Vulnerability from csaf_redhat
Published
2020-08-18 16:34
Modified
2024-11-05 22:39
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.4.2 security update
Notes
Topic
A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.4.2 serves as a replacement for Red Hat Single Sign-On 7.4.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body (CVE-2020-10758)
* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)
* netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
* keycloak: security headers missing on REST endpoints (CVE-2020-1728)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.4.2 serves as a replacement for Red Hat Single Sign-On 7.4.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body (CVE-2020-10758)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes (CVE-2020-11612)\n\n* keycloak: security headers missing on REST endpoints (CVE-2020-1728)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3501", "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.4" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1800585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800585" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1843849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843849" }, { "category": "external", "summary": "1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3501.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.4.2 security update", "tracking": { "current_release_date": "2024-11-05T22:39:57+00:00", "generator": { "date": "2024-11-05T22:39:57+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:3501", "initial_release_date": "2020-08-18T16:34:33+00:00", "revision_history": [ { "date": "2020-08-18T16:34:33+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-08-18T16:34:33+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:39:57+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.4.2", "product": { "name": "Red Hat Single Sign-On 7.4.2", "product_id": "Red Hat Single Sign-On 7.4.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_single_sign_on:7.4" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1728", "cwe": { "id": "CWE-358", "name": "Improperly Implemented Security Check for Standard" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak\u2019s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible exploits are servers being prone to clickjacking, channel downgrade attacks, and other similar client-based attack vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: security headers missing on REST endpoints", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1728" }, { "category": "external", "summary": "RHBZ#1800585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1728", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1728" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1728", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1728" } ], "release_date": "2019-11-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: security headers missing on REST endpoints" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "acknowledgments": [ { "names": [ "Matt Hamilton" ], "organization": "Soluble.ai" } ], "cve": "CVE-2020-10758", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-06-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1843849" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows an attacker to perform a denial of service attack by sending multiple simultaneous requests with a Content-Length header value greater than the actual byte count of the request body. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10758" }, { "category": "external", "summary": "RHBZ#1843849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843849" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10758", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10758" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10758", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10758" } ], "release_date": "2020-08-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "category": "workaround", "details": "- The possibility of this issue largely depends on the environment, specifically the load balancer or reverse proxies between the client and the server. The issue occurs when there is no load balancer in place.\n\n- Proper tuning of HTTP request timeout and keycloak database max pool size can mitigate this issue :\nbin/jboss-cli.sh --connect --commands=\u0027/subsystem=transactions:write-attribute(name=default-timeout,value=30),/subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=read-timeout,value=30000),/subsystem=undertow/server=default-server/https-listener=https/:write-attribute(name=read-timeout,value=30000),/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=max-pool-size,value=100),reload\u0027", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body" }, { "cve": "CVE-2020-11612", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816216" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11612" }, { "category": "external", "summary": "RHBZ#1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11612" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612" } ], "release_date": "2020-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3461
Vulnerability from csaf_redhat
Published
2020-08-17 13:28
Modified
2024-11-05 22:38
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3461", "url": "https://access.redhat.com/errata/RHSA-2020:3461" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-19095", "url": "https://issues.redhat.com/browse/JBEAP-19095" }, { "category": "external", "summary": "JBEAP-19134", "url": "https://issues.redhat.com/browse/JBEAP-19134" }, { "category": "external", "summary": "JBEAP-19185", "url": "https://issues.redhat.com/browse/JBEAP-19185" }, { "category": "external", "summary": "JBEAP-19203", "url": "https://issues.redhat.com/browse/JBEAP-19203" }, { "category": "external", "summary": "JBEAP-19269", "url": "https://issues.redhat.com/browse/JBEAP-19269" }, { "category": "external", "summary": "JBEAP-19322", "url": "https://issues.redhat.com/browse/JBEAP-19322" }, { "category": "external", "summary": "JBEAP-19325", "url": "https://issues.redhat.com/browse/JBEAP-19325" }, { "category": "external", "summary": "JBEAP-19397", "url": "https://issues.redhat.com/browse/JBEAP-19397" }, { "category": "external", "summary": "JBEAP-19409", "url": "https://issues.redhat.com/browse/JBEAP-19409" }, { "category": "external", "summary": "JBEAP-19529", "url": "https://issues.redhat.com/browse/JBEAP-19529" }, { "category": "external", "summary": "JBEAP-19564", "url": "https://issues.redhat.com/browse/JBEAP-19564" }, { "category": "external", "summary": "JBEAP-19585", "url": "https://issues.redhat.com/browse/JBEAP-19585" }, { "category": "external", "summary": "JBEAP-19617", "url": "https://issues.redhat.com/browse/JBEAP-19617" }, { "category": "external", "summary": "JBEAP-19619", "url": "https://issues.redhat.com/browse/JBEAP-19619" }, { "category": "external", "summary": "JBEAP-19673", "url": "https://issues.redhat.com/browse/JBEAP-19673" }, { "category": "external", "summary": "JBEAP-19674", "url": "https://issues.redhat.com/browse/JBEAP-19674" }, { "category": "external", "summary": "JBEAP-19874", "url": "https://issues.redhat.com/browse/JBEAP-19874" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3461.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update", "tracking": { "current_release_date": "2024-11-05T22:38:01+00:00", "generator": { "date": "2024-11-05T22:38:01+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:3461", "initial_release_date": "2020-08-17T13:28:01+00:00", "revision_history": [ { "date": "2020-08-17T13:28:01+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-08-17T13:28:01+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:38:01+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product": { "name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.6.2-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "product": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "product": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el6eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.6.2-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.48-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.7-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.2-4.GA_redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product_id": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.2-4.GA_redhat_00002.1.el6eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src" }, "product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src" }, "product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-11612", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-03-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816216" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch" ], "known_not_affected": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11612" }, { "category": "external", "summary": "RHBZ#1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11612" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612" } ], "release_date": "2020-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
ghsa-7fhr-2694-rg79
Vulnerability from github
Published
2022-02-15 01:39
Modified
2022-11-08 20:21
Severity ?
Summary
Session Fixation in WildFly Elytron
Details
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
{ "affected": [ { "database_specific": { "last_known_affected_version_range": "\u003c= 1.11.3" }, "package": { "ecosystem": "Maven", "name": "org.wildfly.security:wildfly-elytron" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1.11.4" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2020-10714" ], "database_specific": { "cwe_ids": [ "CWE-384" ], "github_reviewed": true, "github_reviewed_at": "2022-06-24T01:26:35Z", "nvd_published_at": "2020-09-23T13:15:00Z", "severity": "HIGH" }, "details": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "id": "GHSA-7fhr-2694-rg79", "modified": "2022-11-08T20:21:38Z", "published": "2022-02-15T01:39:57Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "type": "PACKAGE", "url": "https://github.com/wildfly-security/wildfly-elytron" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20201223-0002" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "Session Fixation in WildFly Elytron" }
gsd-2020-10714
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2020-10714", "description": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "id": "GSD-2020-10714", "references": [ "https://access.redhat.com/errata/RHSA-2021:3140", "https://access.redhat.com/errata/RHSA-2020:4961", "https://access.redhat.com/errata/RHSA-2020:4960", "https://access.redhat.com/errata/RHSA-2020:3779", "https://access.redhat.com/errata/RHSA-2020:3642", "https://access.redhat.com/errata/RHSA-2020:3639", "https://access.redhat.com/errata/RHSA-2020:3638", "https://access.redhat.com/errata/RHSA-2020:3637", "https://access.redhat.com/errata/RHSA-2020:3585", "https://access.redhat.com/errata/RHSA-2020:3539", "https://access.redhat.com/errata/RHSA-2020:3501", "https://access.redhat.com/errata/RHSA-2020:3464", "https://access.redhat.com/errata/RHSA-2020:3463", "https://access.redhat.com/errata/RHSA-2020:3462", "https://access.redhat.com/errata/RHSA-2020:3461" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2020-10714" ], "details": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "id": "GSD-2020-10714", "modified": "2023-12-13T01:22:04.561062Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-10714", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "wildfly-elytron", "version": { "version_data": [ { "version_value": "wildfly-elytron 1.10.7.Final" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-384" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "name": "https://security.netapp.com/advisory/ntap-20201223-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20201223-0002/" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "(,1.11.3]", "affected_versions": "All versions up to 1.11.3", "cvss_v2": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-384", "CWE-937" ], "date": "2022-06-24", "description": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "fixed_versions": [ "1.11.4" ], "identifier": "CVE-2020-10714", "identifiers": [ "GHSA-7fhr-2694-rg79", "CVE-2020-10714" ], "not_impacted": "All versions after 1.11.3", "package_slug": "maven/org.wildfly.security/wildfly-elytron", "pubdate": "2022-02-15", "solution": "Upgrade to version 1.11.4 or above.", "title": "Session Fixation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "https://bugzilla.redhat.com/show_bug.cgi?id=1825714", "https://security.netapp.com/advisory/ntap-20201223-0002/", "https://github.com/advisories/GHSA-7fhr-2694-rg79" ], "uuid": "db43a5b8-a6a7-47c9-838d-ed3aa5942a4b" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.11.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-10714" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-384" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714", "refsource": "MISC", "tags": [ "Issue Tracking", "Mitigation", "Vendor Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "name": "https://security.netapp.com/advisory/ntap-20201223-0002/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20201223-0002/" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.9 } }, "lastModifiedDate": "2022-11-08T13:58Z", "publishedDate": "2020-09-23T13:15Z" } } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.